xenorat | 10a806b3b91bce876937c1f705b91153f5fdc91c88fe442dfd0ae6f06e26a9cb | Triage

Resubmissions

13-07-2024 02:33

240713-c188easakp 10

13-07-2024 02:29

240713-cyqchsthke 10

13-07-2024 02:23

240713-cvk9ds1glm 10

Sharing

General

Target

5oP2ak
Size

508B
Sample

240713-c188easakp
MD5

db55c0a45c78e31108711e01515a26d0
SHA1

667d59c73d995076e9e3566ad0acab62b81ebde8
SHA256

10a806b3b91bce876937c1f705b91153f5fdc91c88fe442dfd0ae6f06e26a9cb
SHA512

35e4645768d3534a5f9cd845b5d78718dc19e62aa2edaf53041d6d3408b22e6e8d0071dc27e3eab3b64a8df79a12dee72a7aeef81a24ac83d292bafabf78bbb4

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.0.15

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
nothingset

Targets

- Target
  
  5oP2ak
- Size
  
  508B
- MD5
  
  db55c0a45c78e31108711e01515a26d0
- SHA1
  
  667d59c73d995076e9e3566ad0acab62b81ebde8
- SHA256
  
  10a806b3b91bce876937c1f705b91153f5fdc91c88fe442dfd0ae6f06e26a9cb
- SHA512
  
  35e4645768d3534a5f9cd845b5d78718dc19e62aa2edaf53041d6d3408b22e6e8d0071dc27e3eab3b64a8df79a12dee72a7aeef81a24ac83d292bafabf78bbb4
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan