xenorat | 730e7cf897c39641a53c1e8d4ae6cec4c57a79fcab3f4fb6c031ec5a7586cf99 | Triage

Sharing

General

Target

730e7cf897c39641a53c1e8d4ae6cec4c57a79fcab3f4fb6c031ec5a7586cf99.exe
Size

235KB
Sample

240705-n4kj1azhka
MD5

9ecc46cd8417073a40224da5bdeacff7
SHA1

8fdf93d9991c10b2421e33970587196aa1784aca
SHA256

730e7cf897c39641a53c1e8d4ae6cec4c57a79fcab3f4fb6c031ec5a7586cf99
SHA512

6fed95d4935c8d8e3222985a5b01f7ba7c58f24241d4c399bdf57391f1118fb86db513050e89a9a841868eb3f1a47680912feb353ce92320c5a03740409e61da
SSDEEP

6144:dmgYGWWtKRwg7+z0lQ77kc3PRDJPbsjIXKb5jgI:d1YIIb+pPRNojII5j9

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

91.92.248.167

Mutex

Wolid_rat_nd8859g

Attributes

delay
60000
install_path
appdata
port
1280
startup_name
cms

Targets

- Target
  
  730e7cf897c39641a53c1e8d4ae6cec4c57a79fcab3f4fb6c031ec5a7586cf99.exe
- Size
  
  235KB
- MD5
  
  9ecc46cd8417073a40224da5bdeacff7
- SHA1
  
  8fdf93d9991c10b2421e33970587196aa1784aca
- SHA256
  
  730e7cf897c39641a53c1e8d4ae6cec4c57a79fcab3f4fb6c031ec5a7586cf99
- SHA512
  
  6fed95d4935c8d8e3222985a5b01f7ba7c58f24241d4c399bdf57391f1118fb86db513050e89a9a841868eb3f1a47680912feb353ce92320c5a03740409e61da
- SSDEEP
  
  6144:dmgYGWWtKRwg7+z0lQ77kc3PRDJPbsjIXKb5jgI:d1YIIb+pPRNojII5j9
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan