xenorat | a94a79df8c332ae5de59b99853ae97dc8a1fc272818a146bd7ad1d5e295611c5 | Triage

Sharing

General

Target

optimiser.exe
Size

431KB
Sample

240612-2e9z9axalr
MD5

74cb80305f51ff0585928c12be72dddd
SHA1

727a72de8f439beebf028f21d3cb58f45f99e42a
SHA256

a94a79df8c332ae5de59b99853ae97dc8a1fc272818a146bd7ad1d5e295611c5
SHA512

21775770e10ae19302d198d7c48799bc510aee0c7e92563798ba151760181facc6ba9452400cde84e3018881ec1a54ac82d1fd9b587c4bc2305af3b5793cf178
SSDEEP

12288:9uBadWfqCQi/szyz7FaFAf69ffou1R1L:9iadWfEssOzZusmPR

Score

10^/10

xenorat execution rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Attributes

delay
5000
install_path
temp
port
7788
startup_name
lol

Targets

- Target
  
  optimiser.exe
- Size
  
  431KB
- MD5
  
  74cb80305f51ff0585928c12be72dddd
- SHA1
  
  727a72de8f439beebf028f21d3cb58f45f99e42a
- SHA256
  
  a94a79df8c332ae5de59b99853ae97dc8a1fc272818a146bd7ad1d5e295611c5
- SHA512
  
  21775770e10ae19302d198d7c48799bc510aee0c7e92563798ba151760181facc6ba9452400cde84e3018881ec1a54ac82d1fd9b587c4bc2305af3b5793cf178
- SSDEEP
  
  12288:9uBadWfqCQi/szyz7FaFAf69ffou1R1L:9iadWfEssOzZusmPR
Score

10^/10

execution xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xenoratexecutionrattrojan