Overview

overview

10

Static

static

10

1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-07-2024 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.exe

  • Size

    45KB

  • MD5

    031ef44f772d9b20762d5b7d8c6ce141

  • SHA1

    370ca1a7c78171b55daef91cf827df72bcc3e741

  • SHA256

    631713b09731f14b5397059d6358bb580525fbef98bfd2f16321b12677e14ce5

  • SHA512

    bd224cf4afef381350d096137e60ed31a83b70d3e2320a4896f38aa0e69117c9ab0d8b594214911ace1aaa8a7ec28f2da44aa17e71ec7ad31efa8794512120a6

  • SSDEEP

    768:qdhO/poiiUcjlJIn5wzH9Xqk5nWEZ5SbTDaMWI7CPW5N:Mw+jjgn5yH9XqcnW85SbT9WIl

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

176.113.115.177

Mutex

RGHEHTJ4GEJHTJSHJAJHAJHA

Attributes
  • install_path

    nothingset

  • port

    4404

  • startup_name

    nothingset

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2500-0-0x000000007513E000-0x000000007513F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2500-1-0x0000000000770000-0x0000000000782000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2500-2-0x0000000075130000-0x00000000758E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2500-3-0x0000000005A00000-0x0000000005A66000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2500-4-0x000000007513E000-0x000000007513F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2500-5-0x0000000075130000-0x00000000758E0000-memory.dmp

    Filesize

    7.7MB

    Download