General

  • Target: 27e2394f7b506257a8afa48049a8fe2fef59dc87957def06bd51d1d9dc191732_payload.exe
  • Size: 45KB
  • Sample: 240712-ngn9ns1eln
  • MD5: a186adfbd28c7e573d1fe5b4f7f54cf7
  • SHA1: 42e384baa0b01cb680eb7a73406e47a0ea50e446
  • SHA256: d5028e10a756f2df677f32ebde105d7de8df37e253c431837c8f810260f4428e
  • SHA512: d989d44a883d55493401d00a6333bf1dafb7f1085a7dd0b3a0b0ed2a1144ceedb939a37c9d7c9724ed04123c371f97e2a7df1efaa6f7abee0286d488a20ec93c
  • SSDEEP: 768:mdhO/poiiUcjlJInNa3H9Xqk5nWEZ5SbTDatuI7CPW5G:Qw+jjgnCH9XqcnW85SbTouIe

Score: 10/10

Malware Config

Extracted

Family: xenorat

C2: 77.221.152.198

Mutex: Xeno_rat_nd89dsedwqdswdqwdwqdqwdqwdwqdwqdqwdqwdwqdwqd12d

Attributes
  • delay: 5000
  • install_path: appdata
  • port: 4444
  • startup_name: nothingset

Targets

    • Target: 27e2394f7b506257a8afa48049a8fe2fef59dc87957def06bd51d1d9dc191732_payload.exe

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks