xenorat | 0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e | Triage

Submit
Reports

Overview

overview

Static

static

8

0f25b2dba8...7e.xls

windows7-x64

0f25b2dba8...7e.xls

windows10-2004-x64

1

Sharing

General

Target

0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
Size

235KB
Sample

240702-zvjf5aygmh
MD5

ed7a378f46c2128849abc102e8b03df9
SHA1

b2f934a5a8689b758904152c46b914e33557e963
SHA256

0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
SHA512

d764bfa2b38d7d2fb1e41693e56aea0052512cb30082994e58bba38e588b7325553a5e4a1bf4809bfa0f80d1632398eb18d83434fde3dd4951ed0f798cff4b6b
SSDEEP

6144:JxEtjPOtioVjDGUU1qfDlavx+W2QnA2X5EW2ZKuF1Yt/8XyXhOdd6K05WM5nwQS5:0XR2ZKeWkXyXhgdL0E2SER9A2c

Score

10^/10

xenorat macro macro_on_action rat trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e.xls

Resource

win7-20240611-en

xenorat rat trojan

windows7-x64

14 signatures

60 seconds

Behavioral task

behavioral2

Sample

0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e.xls

Resource

win10v2004-20240611-en

windows10-2004-x64

4 signatures

60 seconds

Malware Config

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Wolid_rat_nd8859g

Attributes

delay
60000
install_path
appdata
port
1280
startup_name
cms

Targets

- Target
  
  0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
- Size
  
  235KB
- MD5
  
  ed7a378f46c2128849abc102e8b03df9
- SHA1
  
  b2f934a5a8689b758904152c46b914e33557e963
- SHA256
  
  0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
- SHA512
  
  d764bfa2b38d7d2fb1e41693e56aea0052512cb30082994e58bba38e588b7325553a5e4a1bf4809bfa0f80d1632398eb18d83434fde3dd4951ed0f798cff4b6b
- SSDEEP
  
  6144:JxEtjPOtioVjDGUU1qfDlavx+W2QnA2X5EW2ZKuF1Yt/8XyXhOdd6K05WM5nwQS5:0XR2ZKeWkXyXhgdL0E2SER9A2c
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

xenoratrattrojan

behavioral2

© 2018-2024

Terms | Privacy