xenorat | b9b83591b6ebb1d96f9663e95b330f628f294fa8f6bb7703a6f3c9333b7e1c93 | Triage

Sharing

General

Target

setup.exe
Size

45KB
Sample

240718-ftbkcazcpe
MD5

a895d7d9f0c011e6a09f8695f70ec220
SHA1

6e35cb9b2e0ffab5473b00021214e903509ed631
SHA256

b9b83591b6ebb1d96f9663e95b330f628f294fa8f6bb7703a6f3c9333b7e1c93
SHA512

87f0fd72d1e15a0748db53ce174c5aae33c72654fd6821d4582f5711432f6a070b0b619f5b244f932d7b3a86ab269f06ab43baa308bbc52e46837adac2a48926
SSDEEP

768:FdhO/poiiUcjlJInozH9Xqk5nWEZ5SbTDaDWI7CPW59:bw+jjgn6H9XqcnW85SbTyWIV

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
1000
startup_name
setup

Targets

- Target
  
  setup.exe
- Size
  
  45KB
- MD5
  
  a895d7d9f0c011e6a09f8695f70ec220
- SHA1
  
  6e35cb9b2e0ffab5473b00021214e903509ed631
- SHA256
  
  b9b83591b6ebb1d96f9663e95b330f628f294fa8f6bb7703a6f3c9333b7e1c93
- SHA512
  
  87f0fd72d1e15a0748db53ce174c5aae33c72654fd6821d4582f5711432f6a070b0b619f5b244f932d7b3a86ab269f06ab43baa308bbc52e46837adac2a48926
- SSDEEP
  
  768:FdhO/poiiUcjlJInozH9Xqk5nWEZ5SbTDaDWI7CPW59:bw+jjgn6H9XqcnW85SbTyWIV
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan