xenorat | efa1baf24f60a06fe68e70d3e2fbc7dc9b937917bc24a76bff5bc503c91e959f | Triage

Sharing

General

Target

KNRL EXECUTOR.zip
Size

162KB
Sample

240718-y41w4avbkl
MD5

7b4ded80d8a4de2f4fbb5676d2160045
SHA1

2a3c8ecf1777d53f5aa6807c0233a4ad9bdf9abe
SHA256

efa1baf24f60a06fe68e70d3e2fbc7dc9b937917bc24a76bff5bc503c91e959f
SHA512

d8a2242a67b59f652b39e457660a36bc6a6f4804252353684fe037327cddb4b8279efa9c637c84f777647060d871d3b0be96e9764c8ce2b70619767f29bd1630
SSDEEP

3072:uXn5wfW8/VwomdZEPJ8dmRLl/Xn5wfW8/VwomdZEPJ8dmRLlK:AOfrfm/uJFvOfrfm/uJFK

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
Xeno_manager.exe

Targets

- Target
  
  KNRL STARTUP/KNRL.exe
- Size
  
  468KB
- MD5
  
  25dd17cdd4cb0ea687bacc96f11df77f
- SHA1
  
  e35e77bbdea42a36fe4d2f456022ab07ddc1a65f
- SHA256
  
  8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86
- SHA512
  
  3144c457786e9764d8ea026d1c312e90e5158507b1133e3e477922c54a721ac29a1014d8103aba592fe2b65e831dbb8d5362968c588824894afe77de04968799
- SSDEEP
  
  6144:SWV91Ub+4jU83nN6xMrSTpNx+NgrnpGH2bRr:SiTXx
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral1 behavioral2
- Target
  
  KNRLBOOTSTRAPPER.exe
- Size
  
  468KB
- MD5
  
  25dd17cdd4cb0ea687bacc96f11df77f
- SHA1
  
  e35e77bbdea42a36fe4d2f456022ab07ddc1a65f
- SHA256
  
  8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86
- SHA512
  
  3144c457786e9764d8ea026d1c312e90e5158507b1133e3e477922c54a721ac29a1014d8103aba592fe2b65e831dbb8d5362968c588824894afe77de04968799
- SSDEEP
  
  6144:SWV91Ub+4jU83nN6xMrSTpNx+NgrnpGH2bRr:SiTXx
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan

behavioral3

xenoratrattrojan

behavioral4

xenoratrattrojan