Overview

overview

10

Static

static

10

1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.exe

  • Size

    45KB

  • Sample

    240607-y1y84adf58

  • MD5

    b41a12a0d37ef53287dbd761804a662d

  • SHA1

    ed358f847690d011eee6fd4bcb65eef9891fc00a

  • SHA256

    fb4597aca89557766465e052c062f6bc33178999c4ae7813f66e090a12f261f4

  • SHA512

    372e510b1359045c2bd0dc4f3a613d11d49fcc7f2ce3eff62229536fea32ea420122f1b89ecee76a96d9ca3890353607518592da00bc3efe14937957983d9c22

  • SSDEEP

    768:hdhO/poiiUcjlJInt0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgn2H9XqcnW85SbTouIB

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

192.168.100.78

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    nothingset

Targets

    • Target

      1.exe

    • Size

      45KB

    • MD5

      b41a12a0d37ef53287dbd761804a662d

    • SHA1

      ed358f847690d011eee6fd4bcb65eef9891fc00a

    • SHA256

      fb4597aca89557766465e052c062f6bc33178999c4ae7813f66e090a12f261f4

    • SHA512

      372e510b1359045c2bd0dc4f3a613d11d49fcc7f2ce3eff62229536fea32ea420122f1b89ecee76a96d9ca3890353607518592da00bc3efe14937957983d9c22

    • SSDEEP

      768:hdhO/poiiUcjlJInt0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgn2H9XqcnW85SbTouIB

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks