xenorat | dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328 | Triage

Sharing

General

Target

skididbop.exe
Size

45KB
Sample

240523-x4n2vsdc59
MD5

3c8c937572ec914fcec514388198512c
SHA1

45b51ee6aa6eaa491dde2e536ccfeb93f13519a4
SHA256

dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328
SHA512

0303eb186bf0b388b23a359992386da1b4f65988655590717bc37ac6860a2529eae575ee0d03245b94c1e6c68cea5731ce46dfe2f373bb856cb43a874edbf6e6
SSDEEP

768:6dhO/poiiUcjlJInVFH9Xqk5nWEZ5SbTDa/WI7CPW5N:cw+jjgnrH9XqcnW85SbTWWIF

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.88.186.12

Mutex

2

Attributes

install_path
appdata
port
5050
startup_name
svchost

Targets

- Target
  
  skididbop.exe
- Size
  
  45KB
- MD5
  
  3c8c937572ec914fcec514388198512c
- SHA1
  
  45b51ee6aa6eaa491dde2e536ccfeb93f13519a4
- SHA256
  
  dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328
- SHA512
  
  0303eb186bf0b388b23a359992386da1b4f65988655590717bc37ac6860a2529eae575ee0d03245b94c1e6c68cea5731ce46dfe2f373bb856cb43a874edbf6e6
- SSDEEP
  
  768:6dhO/poiiUcjlJInVFH9Xqk5nWEZ5SbTDa/WI7CPW5N:cw+jjgnrH9XqcnW85SbTWWIF
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan