xenorat | 7c4c85dc3b36fcec57a3eb5a21eacf1e9cff0745c25c317036b927cb85d24182 | Triage

Sharing

General

Target

16937.exe
Size

45KB
Sample

240607-ytwjmace9w
MD5

7302cc01869548ae491f52a9a37a6bb2
SHA1

9450bd5b7d14408e058f16d2305cda6f1ebd102e
SHA256

7c4c85dc3b36fcec57a3eb5a21eacf1e9cff0745c25c317036b927cb85d24182
SHA512

3a6bd57ab2d30414521f1e0ef918e158b18dabbca9d68dd35a99bb3e97e0e3982d11e496354dbdbe3a65395d5bb1195a77d657d25f40185bbe795883b4de5754
SSDEEP

768:ddhO/poiiUcjlJInSzH9Xqk5nWEZ5SbTDaVWI7CPW52:Tw+jjgnAH9XqcnW85SbT8WI+

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.100.78

Mutex

Putty

Attributes

delay
5000
install_path
appdata
port
4782
startup_name
Windows Updater

Targets

- Target
  
  16937.exe
- Size
  
  45KB
- MD5
  
  7302cc01869548ae491f52a9a37a6bb2
- SHA1
  
  9450bd5b7d14408e058f16d2305cda6f1ebd102e
- SHA256
  
  7c4c85dc3b36fcec57a3eb5a21eacf1e9cff0745c25c317036b927cb85d24182
- SHA512
  
  3a6bd57ab2d30414521f1e0ef918e158b18dabbca9d68dd35a99bb3e97e0e3982d11e496354dbdbe3a65395d5bb1195a77d657d25f40185bbe795883b4de5754
- SSDEEP
  
  768:ddhO/poiiUcjlJInSzH9Xqk5nWEZ5SbTDaVWI7CPW52:Tw+jjgnAH9XqcnW85SbT8WI+
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan