General

  • Target

    pics.exe

  • Size

    45KB

  • Sample

    240621-g2eseazcpb

  • MD5

    a02107a30c960620ce21bd2030442feb

  • SHA1

    51ff3d68754c8b39479649691d5fcc1179fa07b6

  • SHA256

    3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d

  • SHA512

    ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299

  • SSDEEP

    768:9dhO/poiiUcjlJInpylF2I8H9Xqk5nWEZ5SbTDaauI7CPW57:zw+jjgnAlF2I8H9XqcnW85SbTXuIj

Malware Config

Extracted

Family

xenorat

C2

91.92.245.171

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    5764

  • startup_name

    Chrome

Targets

    • Target

      pics.exe

    • Size

      45KB

    • MD5

      a02107a30c960620ce21bd2030442feb

    • SHA1

      51ff3d68754c8b39479649691d5fcc1179fa07b6

    • SHA256

      3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d

    • SHA512

      ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299

    • SSDEEP

      768:9dhO/poiiUcjlJInpylF2I8H9Xqk5nWEZ5SbTDaauI7CPW57:zw+jjgnAlF2I8H9XqcnW85SbTXuIj

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.