Resubmissions

13-07-2024 02:33

240713-c188easakp 10

13-07-2024 02:29

240713-cyqchsthke 10

13-07-2024 02:23

240713-cvk9ds1glm 10

General

  • Target

    5oP2ak

  • Size

    508B

  • Sample

    240713-cyqchsthke

  • MD5

    db55c0a45c78e31108711e01515a26d0

  • SHA1

    667d59c73d995076e9e3566ad0acab62b81ebde8

  • SHA256

    10a806b3b91bce876937c1f705b91153f5fdc91c88fe442dfd0ae6f06e26a9cb

  • SHA512

    35e4645768d3534a5f9cd845b5d78718dc19e62aa2edaf53041d6d3408b22e6e8d0071dc27e3eab3b64a8df79a12dee72a7aeef81a24ac83d292bafabf78bbb4

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    nothingset

Targets

    • Target

      5oP2ak

    • Size

      508B

    • MD5

      db55c0a45c78e31108711e01515a26d0

    • SHA1

      667d59c73d995076e9e3566ad0acab62b81ebde8

    • SHA256

      10a806b3b91bce876937c1f705b91153f5fdc91c88fe442dfd0ae6f06e26a9cb

    • SHA512

      35e4645768d3534a5f9cd845b5d78718dc19e62aa2edaf53041d6d3408b22e6e8d0071dc27e3eab3b64a8df79a12dee72a7aeef81a24ac83d292bafabf78bbb4

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks