Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

valochesse.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    valochesse.exe

  • Size

    45KB

  • Sample

    240515-tkpx9shb66

  • MD5

    804fd6f013a48648f5d2232bca5bdb22

  • SHA1

    b2e90724822c99e3b761e79990af49e824e2b76a

  • SHA256

    e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71

  • SHA512

    86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025

  • SSDEEP

    768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

2.tcp.eu.ngrok.io

Mutex

xeno-rat

Attributes
  • delay

    100

  • install_path

    appdata

  • port

    19034

  • startup_name

    tapware

Targets

    • Target

      valochesse.exe

    • Size

      45KB

    • MD5

      804fd6f013a48648f5d2232bca5bdb22

    • SHA1

      b2e90724822c99e3b761e79990af49e824e2b76a

    • SHA256

      e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71

    • SHA512

      86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025

    • SSDEEP

      768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks