xenorat | 40ec6278632cd557b1b4a71756f605cd1579e1c54f1534c74f15751199fd521c | Triage

Submit
Reports

Overview

overview

Static

static

8

Transaccio...os.xls

windows7-x64

1

Transaccio...os.xls

windows10-2004-x64

Sharing

General

Target

Transaccion_Recibos.xls
Size

50KB
Sample

240621-f66agsygqc
MD5

c9c6a2b1c94755b93d6200923889827a
SHA1

6de6e84b0c47ff3e816f1eea74be33c2b2b88d71
SHA256

40ec6278632cd557b1b4a71756f605cd1579e1c54f1534c74f15751199fd521c
SHA512

c9ab930fb4c792403a842441093e18a28a33a06773d2fad2dc705e51d477c159781922c16eee056cc0409b4aa496738d201e456a573e24a58989c44904f0411b
SSDEEP

1536:VrxEtjPOtioVjDGUU1qfDlaGGx+cL2QnABIS49hhUT6SPDLktw:VrxEtjPOtioVjDGUU1qfDlaGGx+cL2Q

Score

10^/10

xenorat macro macro_on_action rat trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

Transaccion_Recibos.xls

Resource

win7-20240419-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Transaccion_Recibos.xls

Resource

win10v2004-20240508-en

xenorat rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Wolid_rat_nd8859g

Attributes

delay
60000
install_path
appdata
port
1280
startup_name
cms

Targets

- Target
  
  Transaccion_Recibos.xls
- Size
  
  50KB
- MD5
  
  c9c6a2b1c94755b93d6200923889827a
- SHA1
  
  6de6e84b0c47ff3e816f1eea74be33c2b2b88d71
- SHA256
  
  40ec6278632cd557b1b4a71756f605cd1579e1c54f1534c74f15751199fd521c
- SHA512
  
  c9ab930fb4c792403a842441093e18a28a33a06773d2fad2dc705e51d477c159781922c16eee056cc0409b4aa496738d201e456a573e24a58989c44904f0411b
- SSDEEP
  
  1536:VrxEtjPOtioVjDGUU1qfDlaGGx+cL2QnABIS49hhUT6SPDLktw:VrxEtjPOtioVjDGUU1qfDlaGGx+cL2Q
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

xenoratrattrojan

© 2018-2024

Terms | Privacy