xenorat | 261f7fc603cfdc64042e7c7c9a8a32180333f6928dfa5013ef9b14e6365ddd1f | Triage

Sharing

General

Target

261f7fc603cfdc64042e7c7c9a8a32180333f6928dfa5013ef9b14e6365ddd1f
Size

250KB
Sample

240726-skzxssyfrf
MD5

b16e3deed533b0b97839adc57825ac54
SHA1

0caf148875709419edb06408347ccf5d7d4f1ba2
SHA256

261f7fc603cfdc64042e7c7c9a8a32180333f6928dfa5013ef9b14e6365ddd1f
SHA512

4541fdb656c0073acc79b92f5aa307b3cbae0f0186408184412a29e7b636a75b5793ad14703e7a013b89aa4eb5d1585811823d9595a587d8d5862057012a50c0
SSDEEP

6144:u2e1dL1VnASuuQgXoHMe1IZ3anF/nf95hSQDI:WDV0WoHMrm/nf95hSQE

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Holid_rat_nd8859g

Attributes

delay
60400
install_path
appdata
port
1243
startup_name
HDdisplay

Targets

- Target
  
  261f7fc603cfdc64042e7c7c9a8a32180333f6928dfa5013ef9b14e6365ddd1f
- Size
  
  250KB
- MD5
  
  b16e3deed533b0b97839adc57825ac54
- SHA1
  
  0caf148875709419edb06408347ccf5d7d4f1ba2
- SHA256
  
  261f7fc603cfdc64042e7c7c9a8a32180333f6928dfa5013ef9b14e6365ddd1f
- SHA512
  
  4541fdb656c0073acc79b92f5aa307b3cbae0f0186408184412a29e7b636a75b5793ad14703e7a013b89aa4eb5d1585811823d9595a587d8d5862057012a50c0
- SSDEEP
  
  6144:u2e1dL1VnASuuQgXoHMe1IZ3anF/nf95hSQDI:WDV0WoHMrm/nf95hSQE
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan