General
-
Target
3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
-
Size
45KB
-
Sample
240612-q9v9ss1dpm
-
MD5
a02107a30c960620ce21bd2030442feb
-
SHA1
51ff3d68754c8b39479649691d5fcc1179fa07b6
-
SHA256
3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
-
SHA512
ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299
-
SSDEEP
768:9dhO/poiiUcjlJInpylF2I8H9Xqk5nWEZ5SbTDaauI7CPW57:zw+jjgnAlF2I8H9XqcnW85SbTXuIj
Malware Config
Extracted
xenorat
91.92.245.171
Xeno_rat_nd8912d
-
delay
5000
-
install_path
appdata
-
port
5764
-
startup_name
Chrome
Targets
-
-
Target
3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
-
Size
45KB
-
MD5
a02107a30c960620ce21bd2030442feb
-
SHA1
51ff3d68754c8b39479649691d5fcc1179fa07b6
-
SHA256
3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
-
SHA512
ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299
-
SSDEEP
768:9dhO/poiiUcjlJInpylF2I8H9Xqk5nWEZ5SbTDaauI7CPW57:zw+jjgnAlF2I8H9XqcnW85SbTXuIj
Score10/10-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-