xenorat | fb4597aca89557766465e052c062f6bc33178999c4ae7813f66e090a12f261f4 | Triage

Sharing

General

Target

1.exe
Size

45KB
Sample

240607-y1y84adf58
MD5

b41a12a0d37ef53287dbd761804a662d
SHA1

ed358f847690d011eee6fd4bcb65eef9891fc00a
SHA256

fb4597aca89557766465e052c062f6bc33178999c4ae7813f66e090a12f261f4
SHA512

372e510b1359045c2bd0dc4f3a613d11d49fcc7f2ce3eff62229536fea32ea420122f1b89ecee76a96d9ca3890353607518592da00bc3efe14937957983d9c22
SSDEEP

768:hdhO/poiiUcjlJInt0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgn2H9XqcnW85SbTouIB

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.100.78

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
nothingset

Targets

- Target
  
  1.exe
- Size
  
  45KB
- MD5
  
  b41a12a0d37ef53287dbd761804a662d
- SHA1
  
  ed358f847690d011eee6fd4bcb65eef9891fc00a
- SHA256
  
  fb4597aca89557766465e052c062f6bc33178999c4ae7813f66e090a12f261f4
- SHA512
  
  372e510b1359045c2bd0dc4f3a613d11d49fcc7f2ce3eff62229536fea32ea420122f1b89ecee76a96d9ca3890353607518592da00bc3efe14937957983d9c22
- SSDEEP
  
  768:hdhO/poiiUcjlJInt0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgn2H9XqcnW85SbTouIB
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan