General

  • Target

    lool.bat

  • Size

    75KB

  • Sample

    240612-17yl9awfnl

  • MD5

    210c28d7e7091f344df74d092b50ed4a

  • SHA1

    6ed289b6635ca3a6cfcdf30f2bd2c9e6e7712a11

  • SHA256

    2c979bce124c9b38ddc271abd603b742b6b998b4e2df27e5c3260cb4bbe24031

  • SHA512

    21771f1243ad54c69b9c3ad841dcf791e68015764870b6cdf9b483fa7f601d65adc9782af80a99c5df58b3a538d2789bdbf732b744790936d5abd28dc1d08659

  • SSDEEP

    1536:um3tLk9b1GjzKddsAjcYy2B815PiJJbkizNvPSPviQLxw:uqz1S5vQA

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

  • delay

    5000

  • install_path

    appdata

  • port

    7788

  • startup_name

    lol

Targets

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
