Overview

overview

10

Static

static

1

httpsgithu...ar.txt

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    httpsgithub.comdiscord1ggWUFGKADFLastExternalreleasestagsolar.txt

  • Size

    69B

  • Sample

    240521-bplgjadh6x

  • MD5

    3953e278bc14b68f8dd59633c05ce74d

  • SHA1

    d67cf05a8dac0eb133fa0cc37b761eeb80d63bda

  • SHA256

    b7302ba3d49a98ca752e1987299824841feff97f57c0d9db7dcf0ad4b5480beb

  • SHA512

    7e36f0033729b1622a2cd89bc1cbd2aae8cae29b71c784ba24a1318652cc3b066bc2161a5ba84b1f1387e42b9ca0d8095aabeb7665574446f8bb9f3e30a38b36

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    1

  • install_path

    appdata

  • port

    8080

  • startup_name

    Cra

Targets

    • Target

      httpsgithub.comdiscord1ggWUFGKADFLastExternalreleasestagsolar.txt

    • Size

      69B

    • MD5

      3953e278bc14b68f8dd59633c05ce74d

    • SHA1

      d67cf05a8dac0eb133fa0cc37b761eeb80d63bda

    • SHA256

      b7302ba3d49a98ca752e1987299824841feff97f57c0d9db7dcf0ad4b5480beb

    • SHA512

      7e36f0033729b1622a2cd89bc1cbd2aae8cae29b71c784ba24a1318652cc3b066bc2161a5ba84b1f1387e42b9ca0d8095aabeb7665574446f8bb9f3e30a38b36

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks