xenorat | c6768339c3b46430d12d13c5fc0571a677f68a420f44cad5d10e09c698bbbe11 | Triage

Sharing

General

Target

Spoofer.rar
Size

422KB
Sample

240722-t758rsxfpr
MD5

cdc6779a69ce4a1e319c316dbf21c1e7
SHA1

921679277b6af0283b827c0faf0bbdf8c6fcd3f4
SHA256

c6768339c3b46430d12d13c5fc0571a677f68a420f44cad5d10e09c698bbbe11
SHA512

faf8a677de0f0e8e1dc436686eb4686430c8e9a39b4daded9206fca471bfffc274867997be910a60bba269c0389c493868231da72d7222b1460eca25049141ab
SSDEEP

6144:wvzWowkowg29s20s3/jZiAHgAKD4YtdepFsKMtfcO/LgRTu0tRIUp42y:+WkI2BsAKDjIpKCFTLRA2y

Score

10^/10

xenorat rat trojan

Malware Config

Extracted

Family

xenorat

C2

62.133.174.224

Mutex

RuntimeBroker

Attributes

delay
500
install_path
appdata
port
3056
startup_name
RuntimeBroker

Targets

- Target
  
  Spoofer.rar
- Size
  
  422KB
- MD5
  
  cdc6779a69ce4a1e319c316dbf21c1e7
- SHA1
  
  921679277b6af0283b827c0faf0bbdf8c6fcd3f4
- SHA256
  
  c6768339c3b46430d12d13c5fc0571a677f68a420f44cad5d10e09c698bbbe11
- SHA512
  
  faf8a677de0f0e8e1dc436686eb4686430c8e9a39b4daded9206fca471bfffc274867997be910a60bba269c0389c493868231da72d7222b1460eca25049141ab
- SSDEEP
  
  6144:wvzWowkowg29s20s3/jZiAHgAKD4YtdepFsKMtfcO/LgRTu0tRIUp42y:+WkI2BsAKDjIpKCFTLRA2y
Score

10^/10

xenorat rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xenoratrattrojan