xenorat | ce68403f6ca4534a1fb920c3981853761d7e0287da097285d7ceb676f51475f4 | Triage

Sharing

General

Target

ce68403f6ca4534a1fb920c3981853761d7e0287da097285d7ceb676f51475f4
Size

722KB
Sample

240705-djmths1dpj
MD5

6958f2cfe61df82f5bcabf6cb0b8c89c
SHA1

434d562753173a6bff5515c0a366a2d1fd40748c
SHA256

ce68403f6ca4534a1fb920c3981853761d7e0287da097285d7ceb676f51475f4
SHA512

651ae1d93fc796498f2c89d9b097431c5c9ebdc58b3c2b84ddc6a608dd508c8dbcab7d1ba35f36a1cccd66f8ef835561a81de3fc1790e18775df69128182382d
SSDEEP

12288:HhqxSLo5C1Ps4Xhu913+wmwIzM31jXK1OkA+yE4Yku+z/JzWCzLFT086OjTve/:HHLmCiIha1OwvIzM31jaIZ+n4CChz//m

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.88.91.74

Mutex

Xeno_rat_nd8912d

Attributes

delay
10
install_path
appdata
port
1414
startup_name
nothingset

Targets

- Target
  
  ce68403f6ca4534a1fb920c3981853761d7e0287da097285d7ceb676f51475f4
- Size
  
  722KB
- MD5
  
  6958f2cfe61df82f5bcabf6cb0b8c89c
- SHA1
  
  434d562753173a6bff5515c0a366a2d1fd40748c
- SHA256
  
  ce68403f6ca4534a1fb920c3981853761d7e0287da097285d7ceb676f51475f4
- SHA512
  
  651ae1d93fc796498f2c89d9b097431c5c9ebdc58b3c2b84ddc6a608dd508c8dbcab7d1ba35f36a1cccd66f8ef835561a81de3fc1790e18775df69128182382d
- SSDEEP
  
  12288:HhqxSLo5C1Ps4Xhu913+wmwIzM31jXK1OkA+yE4Yku+z/JzWCzLFT086OjTve/:HHLmCiIha1OwvIzM31jaIZ+n4CChz//m
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan