xenorat | c671f88c82c2d0f234e637f4a76f34bb1f9ec381a05419bda0ded20d2659fee4 | Triage

Sharing

General

Target

puttson.exe
Size

45KB
Sample

240607-yyzrvacf3x
MD5

245b17283d08c683a8a3438b139fddd5
SHA1

5954e69b83c1fd5074d79dfe2fb1c2d492d7ef12
SHA256

c671f88c82c2d0f234e637f4a76f34bb1f9ec381a05419bda0ded20d2659fee4
SHA512

a9a728f220f01db52335dd0c87a3aa6354e29d434af1a9b5417a98ce3be95eecf2379d458bc73b2d903c578ec21423f7d29d1fecfdd44bc9548ae680b2f1439c
SSDEEP

768:AdhO/poiiUcjlJIn0bqmH9Xqk5nWEZ5SbTDalWI7CPW5a:yw+jjgn2H9XqcnW85SbTkWIS

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.100.78

Mutex

Putty1

Attributes

delay
5000
install_path
temp
port
4782
startup_name
Windows Updater

Targets

- Target
  
  puttson.exe
- Size
  
  45KB
- MD5
  
  245b17283d08c683a8a3438b139fddd5
- SHA1
  
  5954e69b83c1fd5074d79dfe2fb1c2d492d7ef12
- SHA256
  
  c671f88c82c2d0f234e637f4a76f34bb1f9ec381a05419bda0ded20d2659fee4
- SHA512
  
  a9a728f220f01db52335dd0c87a3aa6354e29d434af1a9b5417a98ce3be95eecf2379d458bc73b2d903c578ec21423f7d29d1fecfdd44bc9548ae680b2f1439c
- SSDEEP
  
  768:AdhO/poiiUcjlJIn0bqmH9Xqk5nWEZ5SbTDalWI7CPW5a:yw+jjgn2H9XqcnW85SbTkWIS
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan