xenorat | e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71 | Triage

Sharing

General

Target

valochesse.exe
Size

45KB
Sample

240515-tkpx9shb66
MD5

804fd6f013a48648f5d2232bca5bdb22
SHA1

b2e90724822c99e3b761e79990af49e824e2b76a
SHA256

e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71
SHA512

86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025
SSDEEP

768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

2.tcp.eu.ngrok.io

Mutex

xeno-rat

Attributes

delay
100
install_path
appdata
port
19034
startup_name
tapware

Targets

- Target
  
  valochesse.exe
- Size
  
  45KB
- MD5
  
  804fd6f013a48648f5d2232bca5bdb22
- SHA1
  
  b2e90724822c99e3b761e79990af49e824e2b76a
- SHA256
  
  e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71
- SHA512
  
  86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025
- SSDEEP
  
  768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan