xenorat | 332c5041438fb488709b351f39dc5dcdaeb11f575a6330ce9f77811e9e22d16f | Triage

Sharing

General

Target

a82bfd5e62292dd3819e30203bf3d600N.exe
Size

62KB
Sample

240722-nq9a7swflm
MD5

a82bfd5e62292dd3819e30203bf3d600
SHA1

45f9ad119f1fcde707e9f1d48a8f2d321e5728bb
SHA256

332c5041438fb488709b351f39dc5dcdaeb11f575a6330ce9f77811e9e22d16f
SHA512

d42a6809638575457426dd0b75a76627a4cc55f21d8f7d0990491d299b07fff7c2e4674ce6835ccf3e788767fe6b451a2e254afcea451c74bfb21c12aa856bd5
SSDEEP

1536:QGfpH0kPZMak9VeXOCey6+yjjPhWzkDalm3x42oQF6atdf:vWak94ey6+yjj8QGlmh4QF6atdf

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

192.168.100.111

Mutex

andrei

Attributes

delay
3000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  a82bfd5e62292dd3819e30203bf3d600N.exe
- Size
  
  62KB
- MD5
  
  a82bfd5e62292dd3819e30203bf3d600
- SHA1
  
  45f9ad119f1fcde707e9f1d48a8f2d321e5728bb
- SHA256
  
  332c5041438fb488709b351f39dc5dcdaeb11f575a6330ce9f77811e9e22d16f
- SHA512
  
  d42a6809638575457426dd0b75a76627a4cc55f21d8f7d0990491d299b07fff7c2e4674ce6835ccf3e788767fe6b451a2e254afcea451c74bfb21c12aa856bd5
- SSDEEP
  
  1536:QGfpH0kPZMak9VeXOCey6+yjjPhWzkDalm3x42oQF6atdf:vWak94ey6+yjj8QGlmh4QF6atdf
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xenoratrattrojan

behavioral2

xenoratrattrojan