xenorat | 1396bfabd8e337f2f2349d0c3fd6f4fdb925adeb2ead8357b61bb0896d9d618a | Triage

Sharing

General

Target

sigma.exe
Size

45KB
Sample

240701-mzeyaaxdpc
MD5

04ebe5e1cd3f1f4ac07ccba6c357d5c7
SHA1

71ae4ea691a78283180f2a8a3c44d1f413fa44de
SHA256

1396bfabd8e337f2f2349d0c3fd6f4fdb925adeb2ead8357b61bb0896d9d618a
SHA512

d8f93cdc0c0d19bcf714640f71eb568e93c30b196815002edc719436ad7bddc81b57ec52de2b89109614e049334d445fb11ad564821d9c0bd500bc4535da39ed
SSDEEP

768:ldhO/poiiUcjlJInmjsZ8H9Xqk5nWEZ5SbTDaRuI7CPW5T:7w+jjgnMsZ8H9XqcnW85SbT8uIb

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

147.185.221.19:33365

Mutex

Windows Seciurity

Attributes

delay
5000
install_path
appdata
port
2137
startup_name
WIindows Security

Targets

- Target
  
  sigma.exe
- Size
  
  45KB
- MD5
  
  04ebe5e1cd3f1f4ac07ccba6c357d5c7
- SHA1
  
  71ae4ea691a78283180f2a8a3c44d1f413fa44de
- SHA256
  
  1396bfabd8e337f2f2349d0c3fd6f4fdb925adeb2ead8357b61bb0896d9d618a
- SHA512
  
  d8f93cdc0c0d19bcf714640f71eb568e93c30b196815002edc719436ad7bddc81b57ec52de2b89109614e049334d445fb11ad564821d9c0bd500bc4535da39ed
- SSDEEP
  
  768:ldhO/poiiUcjlJInmjsZ8H9Xqk5nWEZ5SbTDaRuI7CPW5T:7w+jjgnMsZ8H9XqcnW85SbT8uIb
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan