xenorat | 8973493f5780a045804e043f61bd6d09ee3f6a9ffbbdd884561363d45b991aa5 | Triage

Sharing

General

Target

rrrrrrrrr.exe
Size

45KB
Sample

240518-pyyecacb35
MD5

ccf13eb6f6f64cd29d255130bb3117cc
SHA1

684aa3eaf70d4bad183847c7a4d20f64ef9a19f7
SHA256

8973493f5780a045804e043f61bd6d09ee3f6a9ffbbdd884561363d45b991aa5
SHA512

f53e39fbe0f810c4372bcd164a1ca1d9ac3f1722272d3d3af2fa1931c4d1cf1d2d6323c4158c33a7e823dbf0260339925384752f208ced4d75a2dbb29393f869
SSDEEP

768:hdhO/poiiUcjlJIns0H9Xqk5nWEZ5SbTDakuI7CPW5P:fw+jjgn1H9XqcnW85SbTRuIH

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
server 32

Targets

- Target
  
  rrrrrrrrr.exe
- Size
  
  45KB
- MD5
  
  ccf13eb6f6f64cd29d255130bb3117cc
- SHA1
  
  684aa3eaf70d4bad183847c7a4d20f64ef9a19f7
- SHA256
  
  8973493f5780a045804e043f61bd6d09ee3f6a9ffbbdd884561363d45b991aa5
- SHA512
  
  f53e39fbe0f810c4372bcd164a1ca1d9ac3f1722272d3d3af2fa1931c4d1cf1d2d6323c4158c33a7e823dbf0260339925384752f208ced4d75a2dbb29393f869
- SSDEEP
  
  768:hdhO/poiiUcjlJIns0H9Xqk5nWEZ5SbTDakuI7CPW5P:fw+jjgn1H9XqcnW85SbTRuIH
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan