xenorat | 72e0f8bf690b647ae965d9a99f89c4f04c3b9500aac53f2a3fd376a2546b287a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Synapse X ...er.exe

windows7-x64

Synapse X ...er.exe

windows10-2004-x64

Sharing

General

Target

Synapse X Installer.exe
Size

43KB
Sample

240525-yhnpmsge27
MD5

769aad21a347b7576895910e55970390
SHA1

36831993993050af72ea201cfa6ebc4726860e56
SHA256

72e0f8bf690b647ae965d9a99f89c4f04c3b9500aac53f2a3fd376a2546b287a
SHA512

9bb36a376f0b3e8a26a813f1054bf92a9ca737bd9eb96403d28b4edb81c361408a058e5ccefda3e44bbf4943d9799203665161b02394d35a05faa20851f670a5
SSDEEP

768:d/jqPyqisr4dGirXAHg5rbWDdJwtZ69e7Sd/bDXNJb7bTDa/o1IV27C1:tNqwohJKZ69eKjBJb7bT2o1IgC1

Score

10^/10

xenorat rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Synapse X Installer.exe

Resource

win7-20240508-en

xenorat rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Synapse X Installer.exe

Resource

win10v2004-20240426-en

xenorat rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

192.168.1.219

Mutex

131313131323

Attributes

delay
1000
install_path
temp
port
1234
startup_name
Windows Client

Targets

- Target
  
  Synapse X Installer.exe
- Size
  
  43KB
- MD5
  
  769aad21a347b7576895910e55970390
- SHA1
  
  36831993993050af72ea201cfa6ebc4726860e56
- SHA256
  
  72e0f8bf690b647ae965d9a99f89c4f04c3b9500aac53f2a3fd376a2546b287a
- SHA512
  
  9bb36a376f0b3e8a26a813f1054bf92a9ca737bd9eb96403d28b4edb81c361408a058e5ccefda3e44bbf4943d9799203665161b02394d35a05faa20851f670a5
- SSDEEP
  
  768:d/jqPyqisr4dGirXAHg5rbWDdJwtZ69e7Sd/bDXNJb7bTDa/o1IV27C1:tNqwohJKZ69eKjBJb7bT2o1IgC1
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.