Overview

overview

10

Static

static

10

$seroxen-monkey.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    $seroxen-monkey.exe

  • Size

    55KB

  • Sample

    240617-wbgawasaml

  • MD5

    1936e8941d3d7450e6e6c3d442bdb435

  • SHA1

    01de40c456fd23cd2e47fa8f2482e9de1457da84

  • SHA256

    018d9108b39ca28180b68fb1b96a4ec9c3dc29721605c45c028f4753b58dbcd6

  • SHA512

    cfc37f09b6aa945ac86a395a34e88c918c1175d5fd1da6ef37bb61ea2bb75f5b2c6a108a1e89e8a4fe6b155c09a6c744a15dfa7c6400a14892cea665041d9855

  • SSDEEP

    768:+mv1HjsdCOPVauou790wjyxS1X1ukFHNsgsWpDJXbJgg+z6bximNgG:71HgVauoHuv1X1dts6BJXbJse/uG

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

our-brochure.gl.at.ply.gg

Mutex

monkeys_littless_nd8912d

Attributes
  • delay

    3000

  • install_path

    temp

  • port

    32731

  • startup_name

    Updaters

Targets

    • Target

      $seroxen-monkey.exe

    • Size

      55KB

    • MD5

      1936e8941d3d7450e6e6c3d442bdb435

    • SHA1

      01de40c456fd23cd2e47fa8f2482e9de1457da84

    • SHA256

      018d9108b39ca28180b68fb1b96a4ec9c3dc29721605c45c028f4753b58dbcd6

    • SHA512

      cfc37f09b6aa945ac86a395a34e88c918c1175d5fd1da6ef37bb61ea2bb75f5b2c6a108a1e89e8a4fe6b155c09a6c744a15dfa7c6400a14892cea665041d9855

    • SSDEEP

      768:+mv1HjsdCOPVauou790wjyxS1X1ukFHNsgsWpDJXbJgg+z6bximNgG:71HgVauoHuv1X1dts6BJXbJse/uG

    Score
    10/10
    xenoratrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks