xenorat | e86fa6ee410c43724a1599492a9aaa43ff6de10a0ceb8918f7459a2622726c59 | Triage

Sharing

General

Target

e86fa6ee410c43724a1599492a9aaa43ff6de10a0ceb8918f7459a2622726c59
Size

250KB
Sample

240726-sj38tsvglp
MD5

db2f5efce4d870494993c71fe1b34489
SHA1

66a95648dddb11bdcc2cc805f8772150c1f6f6fb
SHA256

e86fa6ee410c43724a1599492a9aaa43ff6de10a0ceb8918f7459a2622726c59
SHA512

cc9544eb03977f43a8197056b8e6fdbab821a580d1b0249bb03f7215da8a07f1615d35c19bf37dcc35ebd4cd4c785f0b7cafa60aa6c87489218a8357fc489ad5
SSDEEP

6144:bbAfeNDjOoEVWqbbbM2hD0DutBLXFOBmg1GyeKCCatVPZxFxbhqiGo0I:b0feNPDoPbbblt0DuZfsaxxFxbhqiGoh

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Holid_rat_nd8859g

Attributes

delay
60400
install_path
appdata
port
1243
startup_name
HDdisplay

Targets

- Target
  
  e86fa6ee410c43724a1599492a9aaa43ff6de10a0ceb8918f7459a2622726c59
- Size
  
  250KB
- MD5
  
  db2f5efce4d870494993c71fe1b34489
- SHA1
  
  66a95648dddb11bdcc2cc805f8772150c1f6f6fb
- SHA256
  
  e86fa6ee410c43724a1599492a9aaa43ff6de10a0ceb8918f7459a2622726c59
- SHA512
  
  cc9544eb03977f43a8197056b8e6fdbab821a580d1b0249bb03f7215da8a07f1615d35c19bf37dcc35ebd4cd4c785f0b7cafa60aa6c87489218a8357fc489ad5
- SSDEEP
  
  6144:bbAfeNDjOoEVWqbbbM2hD0DutBLXFOBmg1GyeKCCatVPZxFxbhqiGo0I:b0feNPDoPbbblt0DuZfsaxxFxbhqiGoh
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan