xenorat | 66f635bf805463c4a83b969ac8d4cc563b2feadaea0460dc22c5f53be72a9223 | Triage

Sharing

General

Target

66f635bf805463c4a83b969ac8d4cc563b2feadaea0460dc22c5f53be72a9223
Size

955KB
Sample

240530-nn244sgf94
MD5

94f798a6cc5738e8924c9c0b3d2abb1e
SHA1

5714cb7b382dab9977c99c94294561bc42d3166e
SHA256

66f635bf805463c4a83b969ac8d4cc563b2feadaea0460dc22c5f53be72a9223
SHA512

7b301bddf5d8a3602805754dc995bb4ee88c957b1029e3a17a0ed10d85cc60b1c603a8953a521cae283c39e2ecf69e1253db92cc89dacd46a45d2c72837ce0e4
SSDEEP

24576:duDXTIGaPhEYzUzA0qxUAUBqG8DCRG7F9V5:ADjlabwz9M7WRG59V5

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

23.243.100.240

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Windows Security

Targets

- Target
  
  66f635bf805463c4a83b969ac8d4cc563b2feadaea0460dc22c5f53be72a9223
- Size
  
  955KB
- MD5
  
  94f798a6cc5738e8924c9c0b3d2abb1e
- SHA1
  
  5714cb7b382dab9977c99c94294561bc42d3166e
- SHA256
  
  66f635bf805463c4a83b969ac8d4cc563b2feadaea0460dc22c5f53be72a9223
- SHA512
  
  7b301bddf5d8a3602805754dc995bb4ee88c957b1029e3a17a0ed10d85cc60b1c603a8953a521cae283c39e2ecf69e1253db92cc89dacd46a45d2c72837ce0e4
- SSDEEP
  
  24576:duDXTIGaPhEYzUzA0qxUAUBqG8DCRG7F9V5:ADjlabwz9M7WRG59V5
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2