General

  • Target

    incognito-beta.exe

  • Size

    45KB

  • Sample

    240530-xbwk8shc83

  • MD5

    3110b35fe4c0b011bda32853cf6ea8e5

  • SHA1

    99e01bbec76e7b17fce3a9992bf59453aa5f1344

  • SHA256

    a99db0013ba923fc71f497d838ecc385d19aad27a51a079895d879f59b22a4ad

  • SHA512

    1b804db6a4c0ef1a5726fb05767f62bbe19dcb06c9072e024a457e2aa2cb080cbd815e4018878bd402e2a190d3f567946cdf35b5eede1af431fb11d7dc2e46f4

  • SSDEEP

    768:SdhO/poiiUcjlJInrlH9Xqk5nWEZ5SbTDaBWI7CPW5h:0w+jjgnJH9XqcnW85SbTgWI5

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    3243

  • startup_name

    nothingset

Targets

    • Target

      incognito-beta.exe

    • Size

      45KB

    • MD5

      3110b35fe4c0b011bda32853cf6ea8e5

    • SHA1

      99e01bbec76e7b17fce3a9992bf59453aa5f1344

    • SHA256

      a99db0013ba923fc71f497d838ecc385d19aad27a51a079895d879f59b22a4ad

    • SHA512

      1b804db6a4c0ef1a5726fb05767f62bbe19dcb06c9072e024a457e2aa2cb080cbd815e4018878bd402e2a190d3f567946cdf35b5eede1af431fb11d7dc2e46f4

    • SSDEEP

      768:SdhO/poiiUcjlJInrlH9Xqk5nWEZ5SbTDaBWI7CPW5h:0w+jjgnJH9XqcnW85SbTgWI5

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks