General

  • Target

    SteamUDP.exe

  • Size

    45KB

  • Sample

    240704-vycqjascrd

  • MD5

    71f93439066552063011b27f448fc1ce

  • SHA1

    afd983b5d3a34ba29ef18d7675e617b9a6da724f

  • SHA256

    5379f50c0b4b3a28641354e048b51278dd10519f50e081a07bbe8f0d4f22a5ad

  • SHA512

    ac56596bb93e61d240933353a1d3fd1d5a64dce97e13d381b94190f312ec57be856cd3fdd08c685d6960d734518514b7ecf69284e6371fe8fd96480ae1d76be3

  • SSDEEP

    768:9dhO/poiiUcjlJInbzH9Xqk5nWEZ5SbTDa+WI7CPW5w:zw+jjgnXH9XqcnW85SbT/WIY

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

37.120.141.155

Mutex

SteamUDP

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    22914

  • startup_name

    SteamUDPUpdater

Targets

    • Target

      SteamUDP.exe

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
