General

  • Target

    b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008.exe

  • Size

    244KB

  • Sample

    240606-l3cfwsdf79

  • MD5

    7f9e14483d7849bf60819d8898e8ee58

  • SHA1

    35f0869454078cda5fc8ec447808c91faa5e2b13

  • SHA256

    b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008

  • SHA512

    9fe6db997c7134aac7c83f92f8278ef359a56dec4dbddaaef23b2138b6a9b551a647772b020c2ed01d72df7888c0fa7a6583e5e4e2d90fa4bbd3a9a5d150305f

  • SSDEEP

    6144:xWMPLGzI/4Nw04UNIFs/bmKwlMvxG++0RKsOTG0L8I:xWMPKIjtFEZwIRKsOTG0LZ

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

dns.dobiamfollollc.online

Mutex

Solid_rat_nd8889g

Attributes
  • delay

    61000

  • install_path

    appdata

  • port

    1283

  • startup_name

    bns

Targets

    • Target

      b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008.exe

    • Size

      244KB

    • MD5

      7f9e14483d7849bf60819d8898e8ee58

    • SHA1

      35f0869454078cda5fc8ec447808c91faa5e2b13

    • SHA256

      b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008

    • SHA512

      9fe6db997c7134aac7c83f92f8278ef359a56dec4dbddaaef23b2138b6a9b551a647772b020c2ed01d72df7888c0fa7a6583e5e4e2d90fa4bbd3a9a5d150305f

    • SSDEEP

      6144:xWMPLGzI/4Nw04UNIFs/bmKwlMvxG++0RKsOTG0L8I:xWMPKIjtFEZwIRKsOTG0LZ

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks