xenorat | 6f5b287c87ff655d6d07686fc8328e1c7e4dd2ca99caca5c757300a8d4b1940b | Triage

Sharing

General

Target

6f5b287c87ff655d6d07686fc8328e1c7e4dd2ca99caca5c757300a8d4b1940b.exe
Size

239KB
Sample

240705-btrt4sygkn
MD5

1f89375dede098a5f59710c111594b8d
SHA1

e782a9abdd7ceed63a6a10b83a16c278400f9b32
SHA256

6f5b287c87ff655d6d07686fc8328e1c7e4dd2ca99caca5c757300a8d4b1940b
SHA512

94e856096bb44e70cd04c308e5f2647cbc64990bb765d40e4e1fae9d1a0b3de3e7cfc6949297ebf19450ed2f11e2754bab55573f1d64ff1d7f599230c01ae960
SSDEEP

6144:QQDn9LAsrPf1xTjlMk1y+fn0fTm6wJm2rrFOI:NDnx/zfjnH1x0fTm6wJm2rrh

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Dolid_rat_nd8859g

Attributes

delay
60000
install_path
appdata
port
1280
startup_name
dms

Targets

- Target
  
  6f5b287c87ff655d6d07686fc8328e1c7e4dd2ca99caca5c757300a8d4b1940b.exe
- Size
  
  239KB
- MD5
  
  1f89375dede098a5f59710c111594b8d
- SHA1
  
  e782a9abdd7ceed63a6a10b83a16c278400f9b32
- SHA256
  
  6f5b287c87ff655d6d07686fc8328e1c7e4dd2ca99caca5c757300a8d4b1940b
- SHA512
  
  94e856096bb44e70cd04c308e5f2647cbc64990bb765d40e4e1fae9d1a0b3de3e7cfc6949297ebf19450ed2f11e2754bab55573f1d64ff1d7f599230c01ae960
- SSDEEP
  
  6144:QQDn9LAsrPf1xTjlMk1y+fn0fTm6wJm2rrFOI:NDnx/zfjnH1x0fTm6wJm2rrh
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan