xenorat | 314dd9f3d257729323aa2dfaaf312b7cd54dbcc2214721eea0863a9b6353cf7a | Triage

Sharing

General

Target

314dd9f3d257729323aa2dfaaf312b7cd54dbcc2214721eea0863a9b6353cf7a
Size

251KB
Sample

240726-spxy1ayhrb
MD5

a19fec1543d46acedb157ed4c17da068
SHA1

d50111c5a5e68da910859547d95ed9bf0ffdc79f
SHA256

314dd9f3d257729323aa2dfaaf312b7cd54dbcc2214721eea0863a9b6353cf7a
SHA512

18b9b4e50fa80b6fd2c4622cb260154238693bfeb06bc12738245f912b7e2151502524ca5805f70b1d7f2492a8cc664f0caace0ecdae62188467346788e111f3
SSDEEP

6144:RrhjV4Q63rq/vWq93ptqNjzsMzDFmacKtC7zK5c97Cm7I:Blh6bqWqZ34Hn/FTcDzK5c97Cms

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Holid_rat_nd8859g

Attributes

delay
60400
install_path
appdata
port
1243
startup_name
HDdisplay

Targets

- Target
  
  314dd9f3d257729323aa2dfaaf312b7cd54dbcc2214721eea0863a9b6353cf7a
- Size
  
  251KB
- MD5
  
  a19fec1543d46acedb157ed4c17da068
- SHA1
  
  d50111c5a5e68da910859547d95ed9bf0ffdc79f
- SHA256
  
  314dd9f3d257729323aa2dfaaf312b7cd54dbcc2214721eea0863a9b6353cf7a
- SHA512
  
  18b9b4e50fa80b6fd2c4622cb260154238693bfeb06bc12738245f912b7e2151502524ca5805f70b1d7f2492a8cc664f0caace0ecdae62188467346788e111f3
- SSDEEP
  
  6144:RrhjV4Q63rq/vWq93ptqNjzsMzDFmacKtC7zK5c97Cm7I:Blh6bqWqZ34Hn/FTcDzK5c97Cms
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan