xenorat | 8a9ab6c659fa30fc1ac9548bdea3300ab9d829f8a085131aa5e5024f67cacc81 | Triage

Sharing

General

Target

loader_2.exe
Size

326KB
Sample

240702-zk9wbssgjm
MD5

6939b30d8705c734e0f6b4a0233d93f9
SHA1

cdd90c3907aeef8d90811f6725fe2cb4d19df284
SHA256

8a9ab6c659fa30fc1ac9548bdea3300ab9d829f8a085131aa5e5024f67cacc81
SHA512

180ec7d0fdda57e9cb22853faa8741a8d101628d827e15c7b5c2f1ea4401de022caded5b8b903b04046101d8d0db955abf1208e7b8d7a85819ff312f37f493b0
SSDEEP

3072:2wSELLlHKjv7QVG6NDAlLykEKnTNG/ph+8BT0dTb3e4cL:2wSELLlcn6MLyJ6Ab+8BT0dKL

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

37.120.141.155

Mutex

SteamUDP_FULL

Attributes

delay
5000
install_path
temp
port
22914
startup_name
SteamUDPUpdater

Targets

- Target
  
  loader_2.exe
- Size
  
  326KB
- MD5
  
  6939b30d8705c734e0f6b4a0233d93f9
- SHA1
  
  cdd90c3907aeef8d90811f6725fe2cb4d19df284
- SHA256
  
  8a9ab6c659fa30fc1ac9548bdea3300ab9d829f8a085131aa5e5024f67cacc81
- SHA512
  
  180ec7d0fdda57e9cb22853faa8741a8d101628d827e15c7b5c2f1ea4401de022caded5b8b903b04046101d8d0db955abf1208e7b8d7a85819ff312f37f493b0
- SSDEEP
  
  3072:2wSELLlHKjv7QVG6NDAlLykEKnTNG/ph+8BT0dTb3e4cL:2wSELLlcn6MLyJ6Ab+8BT0dKL
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xenoratrattrojan