xenorat | d071868b4382c3506b31854161fde2ca4025f72c990edb2ea5bb304be6fc993a | Triage

Sharing

General

Target

SynapseX.revamaped.V1.4.rar
Size

659KB
Sample

240524-2njjnadg5v
MD5

135352fdf658ca571d58e51457bdb786
SHA1

dbd906969016614a4aa002872d0881600e8536e5
SHA256

d071868b4382c3506b31854161fde2ca4025f72c990edb2ea5bb304be6fc993a
SHA512

69486938b91c4ddc703a8992ba3cd0011028d391713cab063fec9747483a08ab9eaccc760d8f01d59db7f8c40d970d3675309836d3948165a559665cfd8bd86b
SSDEEP

12288:MPSH3BnY7Y78MKc1yLt6OX2CqsfcTJalg7BBU0g+6qBeS02xdJXWhd3cEx5sCB9x:SSH3qcqc1yRxtqW4alg7vgpj2zJmhdM4

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.1.219

Mutex

131313131323

Attributes

delay
1000
install_path
temp
port
1234
startup_name
Windows Client

Targets

- Target
  
  SynapseX.revamaped.V1.4.rar
- Size
  
  659KB
- MD5
  
  135352fdf658ca571d58e51457bdb786
- SHA1
  
  dbd906969016614a4aa002872d0881600e8536e5
- SHA256
  
  d071868b4382c3506b31854161fde2ca4025f72c990edb2ea5bb304be6fc993a
- SHA512
  
  69486938b91c4ddc703a8992ba3cd0011028d391713cab063fec9747483a08ab9eaccc760d8f01d59db7f8c40d970d3675309836d3948165a559665cfd8bd86b
- SSDEEP
  
  12288:MPSH3BnY7Y78MKc1yLt6OX2CqsfcTJalg7BBU0g+6qBeS02xdJXWhd3cEx5sCB9x:SSH3qcqc1yRxtqW4alg7vgpj2zJmhdM4
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan