xenorat | 6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27 | Triage

Sharing

General

Target

SolaraBoostrapper.exe
Size

46KB
Sample

240707-wr5y6swdpj
MD5

b70eccec2079ce0b1ef1a1701349f387
SHA1

0f7a61968c427a8cd78ff161c908a2e8f4ae6138
SHA256

6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27
SHA512

cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a
SSDEEP

768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Windows Defender

Targets

- Target
  
  SolaraBoostrapper.exe
- Size
  
  46KB
- MD5
  
  b70eccec2079ce0b1ef1a1701349f387
- SHA1
  
  0f7a61968c427a8cd78ff161c908a2e8f4ae6138
- SHA256
  
  6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27
- SHA512
  
  cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a
- SSDEEP
  
  768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan