General

  • Target

    8d84fc99073709f0c6049b80fa088c9af03c5525148e61b2d258cc3f1d4c7d8e.exe

  • Size

    45KB

  • Sample

    240708-lfbwvasfpn

  • MD5

    899d4c38a9edf64f8513eaaf6f5aa8e4

  • SHA1

    8dc9f2cf26ef7778031d4a02345cbbc982ab8aac

  • SHA256

    8d84fc99073709f0c6049b80fa088c9af03c5525148e61b2d258cc3f1d4c7d8e

  • SHA512

    a8b7346045f9b22f5fbd8d7db9ed4266da244c9337a630a3c8f05045e0a9872e21e72f82d45120adab9448c2e2b43d35b2b90de35caf7f67e0aaeae4e1fb3056

  • SSDEEP

    768:pdhO/poiiUcjlJIn9bqmH9Xqk5nWEZ5SbTDa0WI7CPW5h:nw+jjgntH9XqcnW85SbTtWIZ

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

82.9.14.4

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4545

  • startup_name

    windows

Targets

    • Target

      8d84fc99073709f0c6049b80fa088c9af03c5525148e61b2d258cc3f1d4c7d8e.exe

    • Size

      45KB

    • MD5

      899d4c38a9edf64f8513eaaf6f5aa8e4

    • SHA1

      8dc9f2cf26ef7778031d4a02345cbbc982ab8aac

    • SHA256

      8d84fc99073709f0c6049b80fa088c9af03c5525148e61b2d258cc3f1d4c7d8e

    • SHA512

      a8b7346045f9b22f5fbd8d7db9ed4266da244c9337a630a3c8f05045e0a9872e21e72f82d45120adab9448c2e2b43d35b2b90de35caf7f67e0aaeae4e1fb3056

    • SSDEEP

      768:pdhO/poiiUcjlJIn9bqmH9Xqk5nWEZ5SbTDa0WI7CPW5h:nw+jjgntH9XqcnW85SbTtWIZ

    Score
    10/10
    • XenorRat

      XenorRat (XenoRAT, the "xenorat" family extracted above) is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running.

    • Executes dropped EXE

    • Loads dropped DLL
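The extracted configuration (C2 82.9.14.4:4545, mutex Xeno_rat_nd8912d, install_path appdata, delay 5000) and the behaviour signatures above (dropped EXE executed from the install path, periodic reconnects) translate directly into host and network hunts. The script below is an added example, not part of this sandbox report or of the XenoRAT project: it runs the config's indicators over constructed Sysmon-style telemetry. The event records, the process image path and PIDs are made up for the example; treating "delay" as the reconnect interval is an assumption.

```python
"""Hunt for the indicators in this report's extracted XenoRAT config.

Added example, not part of the sandbox report or the XenoRAT project. The
telemetry below is CONSTRUCTED (Sysmon-style records cut down to the fields
used); the C2 address, port, mutex, install_path and delay are the values
extracted above.
"""
from collections import defaultdict
from datetime import datetime

# Values copied from the "Malware Config" section of the report.
C2_IP = "82.9.14.4"
C2_PORT = 4545
MUTEX = "Xeno_rat_nd8912d"
DELAY_MS = 5000                    # "delay"; assumed here to be the reconnect interval
INSTALL_DIR_TOKEN = "\\appdata\\"  # "install_path: appdata" -> binary under %APPDATA%

# Constructed sample telemetry. EventID 1 = process create, 3 = network
# connect (Sysmon field names). "Mutant" rows stand in for a handle listing
# from EDR or memory forensics, since Sysmon does not log mutexes.
RAT_IMAGE = r"C:\Users\alice\AppData\Roaming\svchost.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2024-07-08 10:00:00.000", "Image": RAT_IMAGE, "ProcessId": 4120},
    {"EventID": 3, "UtcTime": "2024-07-08 10:00:05.100", "Image": RAT_IMAGE, "ProcessId": 4120,
     "DestinationIp": "82.9.14.4", "DestinationPort": 4545},
    {"EventID": 3, "UtcTime": "2024-07-08 10:00:10.150", "Image": RAT_IMAGE, "ProcessId": 4120,
     "DestinationIp": "82.9.14.4", "DestinationPort": 4545},
    {"EventID": 3, "UtcTime": "2024-07-08 10:00:15.200", "Image": RAT_IMAGE, "ProcessId": 4120,
     "DestinationIp": "82.9.14.4", "DestinationPort": 4545},
    # Same IP, different port: not the RAT channel as configured, so not flagged here.
    {"EventID": 3, "UtcTime": "2024-07-08 10:00:12.000",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ProcessId": 880, "DestinationIp": "82.9.14.4", "DestinationPort": 443},
    {"Type": "Mutant", "Name": r"\Sessions\1\BaseNamedObjects\Xeno_rat_nd8912d", "ProcessId": 4120},
    {"Type": "Mutant", "Name": r"\BaseNamedObjects\SomeOtherApp", "ProcessId": 1234},
]


def c2_connections(events):
    """Network events whose destination is exactly the configured C2 socket."""
    return [e for e in events if e.get("EventID") == 3
            and e.get("DestinationIp") == C2_IP and e.get("DestinationPort") == C2_PORT]


def appdata_process_starts(events):
    """Process-create events for images living under a user's AppData tree."""
    return [e for e in events if e.get("EventID") == 1
            and INSTALL_DIR_TOKEN in e.get("Image", "").lower()]


def mutex_holders(events):
    """PIDs holding a mutant whose leaf name equals the configured mutex."""
    return {e["ProcessId"] for e in events if e.get("Type") == "Mutant"
            and e.get("Name", "").rsplit("\\", 1)[-1] == MUTEX}


def beaconing_pids(events, tolerance_ms=1000):
    """PIDs whose successive C2 connections are spaced about DELAY_MS apart."""
    by_pid = defaultdict(list)
    for e in c2_connections(events):
        by_pid[e["ProcessId"]].append(datetime.strptime(e["UtcTime"], "%Y-%m-%d %H:%M:%S.%f"))
    hits = set()
    for pid, stamps in by_pid.items():
        stamps.sort()
        gaps_ms = [(b - a).total_seconds() * 1000 for a, b in zip(stamps, stamps[1:])]
        if gaps_ms and all(abs(g - DELAY_MS) <= tolerance_ms for g in gaps_ms):
            hits.add(pid)
    return hits


def triage(events):
    """Map each suspicious PID to the sorted list of reasons it was flagged."""
    reasons = defaultdict(set)
    for e in appdata_process_starts(events):
        reasons[e["ProcessId"]].add("executes from AppData")
    for e in c2_connections(events):
        reasons[e["ProcessId"]].add(f"connects to {C2_IP}:{C2_PORT}")
    for pid in mutex_holders(events):
        reasons[pid].add(f"holds mutex {MUTEX}")
    for pid in beaconing_pids(events):
        reasons[pid].add(f"reconnects every ~{DELAY_MS} ms")
    return {pid: sorted(r) for pid, r in reasons.items()}


if __name__ == "__main__":
    for pid, why in triage(SAMPLE_EVENTS).items():
        print(pid, "->", "; ".join(why))
```

On real data, feed `triage()` Sysmon events exported as JSON plus a mutant handle listing from your EDR or a Volatility `handles` pass; the firefox record shows why the port is matched as well as the IP, since a shared or reassigned address on another port is a separate lead rather than this RAT's channel.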

MITRE ATT&CK Enterprise v15
