Overview

overview

10

Static

static

10

stub2.exe

windows10-1703-x64

10

stub2.exe

windows7-x64

10

stub2.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    stub2.exe

  • Size

    45KB

  • Sample

    240513-sfjd9acc35

  • MD5

    375395b1fb6017ba3c4af4f1317ef7c3

  • SHA1

    109e31925a757348ca517eb69cb129d1b471d16e

  • SHA256

    8de191bee3f6ca50411f20a46b2bd1170d4a7a012bdbed151f2854dd7f1afdc8

  • SHA512

    bbfcf92f9570660e16d1d93f714368822ee5823eb8314ac102568b7f10fcbaa4033aa786a4bc329cbfd64b7e9b8a91f56cb472eff78882eade0306c8b65d3bf0

  • SSDEEP

    768:9dhO/poiiUcjlJInfYH9Xqk5nWEZ5SbTDa1uI7CPW5s:zw+jjgnwH9XqcnW85SbTIuI0

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

himekosworld-37849.portmap.host

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    37849

  • startup_name

    nothingset

Targets

    • Target

      stub2.exe

    • Size

      45KB

    • MD5

      375395b1fb6017ba3c4af4f1317ef7c3

    • SHA1

      109e31925a757348ca517eb69cb129d1b471d16e

    • SHA256

      8de191bee3f6ca50411f20a46b2bd1170d4a7a012bdbed151f2854dd7f1afdc8

    • SHA512

      bbfcf92f9570660e16d1d93f714368822ee5823eb8314ac102568b7f10fcbaa4033aa786a4bc329cbfd64b7e9b8a91f56cb472eff78882eade0306c8b65d3bf0

    • SSDEEP

      768:9dhO/poiiUcjlJInfYH9Xqk5nWEZ5SbTDa1uI7CPW5s:zw+jjgnwH9XqcnW85SbTIuI0

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks