xenorat | ebe3929423c5b81a03ec31feddd6a59a2ad2a40d40a14d1b3de437080f8462f2 | Triage

Sharing

General

Target

1d63cb75b1ca78ae4d1cee75654bdb90N.exe
Size

108KB
Sample

240718-2wmlaa1cmk
MD5

1d63cb75b1ca78ae4d1cee75654bdb90
SHA1

c51f296c4b760136b8f4a31fbad64c8a2bec8034
SHA256

ebe3929423c5b81a03ec31feddd6a59a2ad2a40d40a14d1b3de437080f8462f2
SHA512

82d71c26147ecc6b7e9f97cee55b8ac5c8f65621857a353b90a34e9affa97e3103fc19c16b546058f58cfc53e597167c2f35e36855d026a7afe582e463a132e6
SSDEEP

1536:8rlp5ARyYhD3aq0rCjt4SYvHFOK8LRP60P7UHNvZXY8XYj8GbYF6ocdP4Ppfn6y:8rljARyYVa9zfFBOStvS3j8G9dgPpfp

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

193.222.96.58

Attributes

delay
5000
install_path
appdata
port
1414
startup_name
nothingset

Targets

- Target
  
  1d63cb75b1ca78ae4d1cee75654bdb90N.exe
- Size
  
  108KB
- MD5
  
  1d63cb75b1ca78ae4d1cee75654bdb90
- SHA1
  
  c51f296c4b760136b8f4a31fbad64c8a2bec8034
- SHA256
  
  ebe3929423c5b81a03ec31feddd6a59a2ad2a40d40a14d1b3de437080f8462f2
- SHA512
  
  82d71c26147ecc6b7e9f97cee55b8ac5c8f65621857a353b90a34e9affa97e3103fc19c16b546058f58cfc53e597167c2f35e36855d026a7afe582e463a132e6
- SSDEEP
  
  1536:8rlp5ARyYhD3aq0rCjt4SYvHFOK8LRP60P7UHNvZXY8XYj8GbYF6ocdP4Ppfn6y:8rljARyYVa9zfFBOStvS3j8G9dgPpfp
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan