xenorat | 5379f50c0b4b3a28641354e048b51278dd10519f50e081a07bbe8f0d4f22a5ad | Triage

Sharing

General

Target

SteamUDP.exe
Size

45KB
Sample

240702-arsg7ayhqa
MD5

71f93439066552063011b27f448fc1ce
SHA1

afd983b5d3a34ba29ef18d7675e617b9a6da724f
SHA256

5379f50c0b4b3a28641354e048b51278dd10519f50e081a07bbe8f0d4f22a5ad
SHA512

ac56596bb93e61d240933353a1d3fd1d5a64dce97e13d381b94190f312ec57be856cd3fdd08c685d6960d734518514b7ecf69284e6371fe8fd96480ae1d76be3
SSDEEP

768:9dhO/poiiUcjlJInbzH9Xqk5nWEZ5SbTDa+WI7CPW5w:zw+jjgnXH9XqcnW85SbT/WIY

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

37.120.141.155

Mutex

SteamUDP

Attributes

delay
5000
install_path
temp
port
22914
startup_name
SteamUDPUpdater

Targets

- Target
  
  SteamUDP.exe
- Size
  
  45KB
- MD5
  
  71f93439066552063011b27f448fc1ce
- SHA1
  
  afd983b5d3a34ba29ef18d7675e617b9a6da724f
- SHA256
  
  5379f50c0b4b3a28641354e048b51278dd10519f50e081a07bbe8f0d4f22a5ad
- SHA512
  
  ac56596bb93e61d240933353a1d3fd1d5a64dce97e13d381b94190f312ec57be856cd3fdd08c685d6960d734518514b7ecf69284e6371fe8fd96480ae1d76be3
- SSDEEP
  
  768:9dhO/poiiUcjlJInbzH9Xqk5nWEZ5SbTDa+WI7CPW5w:zw+jjgnXH9XqcnW85SbT/WIY
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan