xenorat | 018d9108b39ca28180b68fb1b96a4ec9c3dc29721605c45c028f4753b58dbcd6 | Triage

Submit
Reports

Overview

overview

Static

static

$seroxen-monkey.exe

windows10-2004-x64

Sharing

General

Target

$seroxen-monkey.exe
Size

55KB
Sample

240617-wbgawasaml
MD5

1936e8941d3d7450e6e6c3d442bdb435
SHA1

01de40c456fd23cd2e47fa8f2482e9de1457da84
SHA256

018d9108b39ca28180b68fb1b96a4ec9c3dc29721605c45c028f4753b58dbcd6
SHA512

cfc37f09b6aa945ac86a395a34e88c918c1175d5fd1da6ef37bb61ea2bb75f5b2c6a108a1e89e8a4fe6b155c09a6c744a15dfa7c6400a14892cea665041d9855
SSDEEP

768:+mv1HjsdCOPVauou790wjyxS1X1ukFHNsgsWpDJXbJgg+z6bximNgG:71HgVauoHuv1X1dts6BJXbJse/uG

Score

10^/10

xenorat rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

$seroxen-monkey.exe

Resource

win10v2004-20240508-en

xenorat rat trojan

windows10-2004-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

xenorat

C2

our-brochure.gl.at.ply.gg

Mutex

monkeys_littless_nd8912d

Attributes

delay
3000
install_path
temp
port
32731
startup_name
Updaters

Targets

- Target
  
  $seroxen-monkey.exe
- Size
  
  55KB
- MD5
  
  1936e8941d3d7450e6e6c3d442bdb435
- SHA1
  
  01de40c456fd23cd2e47fa8f2482e9de1457da84
- SHA256
  
  018d9108b39ca28180b68fb1b96a4ec9c3dc29721605c45c028f4753b58dbcd6
- SHA512
  
  cfc37f09b6aa945ac86a395a34e88c918c1175d5fd1da6ef37bb61ea2bb75f5b2c6a108a1e89e8a4fe6b155c09a6c744a15dfa7c6400a14892cea665041d9855
- SSDEEP
  
  768:+mv1HjsdCOPVauou790wjyxS1X1ukFHNsgsWpDJXbJgg+z6bximNgG:71HgVauoHuv1X1dts6BJXbJse/uG
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan

© 2018-2024

Terms | Privacy