General

  • Target

    eulenbet.exe

  • Size

    181KB

  • Sample

    240531-2hvpqsgg75

  • MD5

    c4041e19c6b52778b1885e109e15127b

  • SHA1

    adf0226f2014540fa230e7c24afca0732fbb02ec

  • SHA256

    295a87700cdc0f4e493fbf4be933bd390a5dc0b0ee7ef50f78715b946a505579

  • SHA512

    50f4e5fc0a3b2331edb4da18d9f5d5c9249c63912311b7d4d5808df0d473fb0c4f0ad0be148abfd97e01f647e28b8c49efa555dd58d206f778030e1c62996dd3

  • SSDEEP

    1536:bxw+jjgnCH9XqcnW85SbTeWI30n+iQpXIJUuzDSZeit22i8PwQBVD39M0h:bxw+jq891UbTe64uzDSEG2dCBVDtMu

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

character-acquisitions.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    36301

  • startup_name

    explorers

Targets

    • Target

      eulenbet.exe

    • Size

      181KB

    • MD5

      c4041e19c6b52778b1885e109e15127b

    • SHA1

      adf0226f2014540fa230e7c24afca0732fbb02ec

    • SHA256

      295a87700cdc0f4e493fbf4be933bd390a5dc0b0ee7ef50f78715b946a505579

    • SHA512

      50f4e5fc0a3b2331edb4da18d9f5d5c9249c63912311b7d4d5808df0d473fb0c4f0ad0be148abfd97e01f647e28b8c49efa555dd58d206f778030e1c62996dd3

    • SSDEEP

      1536:bxw+jjgnCH9XqcnW85SbTeWI30n+iQpXIJUuzDSZeit22i8PwQBVD39M0h:bxw+jq891UbTe64uzDSEG2dCBVDtMu

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks