xenorat | 4499ad4bac40fa5651b07bf3243aa38a1e463b5ce63095a5b905c4d0bc15dc7f | Triage

Sharing

General

Target

AccGenerator.exe
Size

45KB
Sample

240708-s2nk4aybrc
MD5

1d003893714bb9352f9ff8d1326a747e
SHA1

b50e5a1fc7d09a25d48a3e6b70885944f42f6e7b
SHA256

4499ad4bac40fa5651b07bf3243aa38a1e463b5ce63095a5b905c4d0bc15dc7f
SHA512

a05441ae4d70b7180a86c656ff5d0937a59232cda276b4d36d16b6a390cf05e3d2a8627ff6eff150a37fb2e01ec377260decb3fe7328d78175492cfaf5e7b661
SSDEEP

768:rdhO/poiiUcjlJInctUH9Xqk5nWEZ5SbTDaiWI7CPW5n:Zw+jjgnaUH9XqcnW85SbTrWIv

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.001.0000

Mutex

AccBuilder

Attributes

delay
20
install_path
temp
port
4444
startup_name
Acc_Maker

Targets

- Target
  
  AccGenerator.exe
- Size
  
  45KB
- MD5
  
  1d003893714bb9352f9ff8d1326a747e
- SHA1
  
  b50e5a1fc7d09a25d48a3e6b70885944f42f6e7b
- SHA256
  
  4499ad4bac40fa5651b07bf3243aa38a1e463b5ce63095a5b905c4d0bc15dc7f
- SHA512
  
  a05441ae4d70b7180a86c656ff5d0937a59232cda276b4d36d16b6a390cf05e3d2a8627ff6eff150a37fb2e01ec377260decb3fe7328d78175492cfaf5e7b661
- SSDEEP
  
  768:rdhO/poiiUcjlJInctUH9Xqk5nWEZ5SbTDaiWI7CPW5n:Zw+jjgnaUH9XqcnW85SbTrWIv
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan