xenorat | 84ab5607a472d325b4128bf0012fe9253e09a694b57bac657abf54973c9b6312 | Triage

Sharing

General

Target

f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707_dump.exe
Size

45KB
Sample

240730-3k15zaverk
MD5

15b8e2ef54c276964ff060b418efe7ef
SHA1

44c15cfbcd468be279a6fc87f173215ff1f6e7a1
SHA256

84ab5607a472d325b4128bf0012fe9253e09a694b57bac657abf54973c9b6312
SHA512

565ee7fb24a42a5c0435db3a07df15e5be5ff936383257038fd13c9d02c25d3a0db0241effc6b0c64f949f83d274d2d1e926e929dd9b2c104340fc15f45d2a57
SSDEEP

768:WSisJmceOo5DHoMspLfFpyT7QHbtm+6EyqnN+8N4:AsJmfOmDILprj4QHbt+EH4U4

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Tolid_rat_nd8889j

Attributes

delay
40000
install_path
temp
port
1353
startup_name
vplayer

Targets

- Target
  
  f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707_dump.exe
- Size
  
  45KB
- MD5
  
  15b8e2ef54c276964ff060b418efe7ef
- SHA1
  
  44c15cfbcd468be279a6fc87f173215ff1f6e7a1
- SHA256
  
  84ab5607a472d325b4128bf0012fe9253e09a694b57bac657abf54973c9b6312
- SHA512
  
  565ee7fb24a42a5c0435db3a07df15e5be5ff936383257038fd13c9d02c25d3a0db0241effc6b0c64f949f83d274d2d1e926e929dd9b2c104340fc15f45d2a57
- SSDEEP
  
  768:WSisJmceOo5DHoMspLfFpyT7QHbtm+6EyqnN+8N4:AsJmfOmDILprj4QHbt+EH4U4
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan