General

  • Target

    SolaraBoostrapper.exe

  • Size

    46KB

  • Sample

    240707-wr5y6swdpj

  • MD5

    b70eccec2079ce0b1ef1a1701349f387

  • SHA1

    0f7a61968c427a8cd78ff161c908a2e8f4ae6138

  • SHA256

    6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27

  • SHA512

    cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a

  • SSDEEP

    768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    Windows Defender

Targets

    • Target

      SolaraBoostrapper.exe

    Score
    10/10
    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
