xenorat | 7b38251641313fb55b8fb461accb8af284d8c2ec11c5da53b306a0e7b3271cdd | Triage

Submit
Reports

Overview

overview

Static

static

3

ESTADODECUENTA.xll

windows7-x64

7

ESTADODECUENTA.xll

windows10-2004-x64

Sharing

General

Target

ESTADODECUENTA.xll
Size

820KB
Sample

240615-l2bszawflb
MD5

a619cded29da7704aed4a84f24da47b9
SHA1

16bee7cb5587cd14a5937f9f7bc32e6e065ee2fe
SHA256

7b38251641313fb55b8fb461accb8af284d8c2ec11c5da53b306a0e7b3271cdd
SHA512

148b07b8f1b0668e71ab46f15fe7ee41b69c88bb86543f2def6f7ffa3614d7d61268d5450c0cfe7535f8900d86074143ad6cecb5b98b6c7d9bbd64c8bc6656c0
SSDEEP

12288:1G1N4HkcgMsiOd58bzbBSre6Q0uqZzD1reWabd/dbNZEEx/DLn0vkYHipwyA:1oOOMX1K+QHT+d9NZdxYHip

Score

10^/10

xenorat rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ESTADODECUENTA.xll

Resource

win7-20240611-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

ESTADODECUENTA.xll

Resource

win10v2004-20240508-en

xenorat rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Wolid_rat_nd8889g

Attributes

delay
60000
install_path
appdata
port
1279
startup_name
qns

Targets

- Target
  
  ESTADODECUENTA.xll
- Size
  
  820KB
- MD5
  
  a619cded29da7704aed4a84f24da47b9
- SHA1
  
  16bee7cb5587cd14a5937f9f7bc32e6e065ee2fe
- SHA256
  
  7b38251641313fb55b8fb461accb8af284d8c2ec11c5da53b306a0e7b3271cdd
- SHA512
  
  148b07b8f1b0668e71ab46f15fe7ee41b69c88bb86543f2def6f7ffa3614d7d61268d5450c0cfe7535f8900d86074143ad6cecb5b98b6c7d9bbd64c8bc6656c0
- SSDEEP
  
  12288:1G1N4HkcgMsiOd58bzbBSre6Q0uqZzD1reWabd/dbNZEEx/DLn0vkYHipwyA:1oOOMX1K+QHT+d9NZdxYHip
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

xenoratrattrojan

© 2018-2024

Terms | Privacy