xenorat | 5afdadce8cedaae5116cfeda28bbaaa404eab78da0294b166f4857d5825a13d5 | Triage

Sharing

General

Target

5afdadce8cedaae5116cfeda28bbaaa404eab78da0294b166f4857d5825a13d5.exe
Size

1.1MB
Sample

240731-bs75psyhrn
MD5

b56f9e62246ba1a274247be7899c6e4c
SHA1

671a520327d26a074340fbf24902c8757234ba48
SHA256

5afdadce8cedaae5116cfeda28bbaaa404eab78da0294b166f4857d5825a13d5
SHA512

fe0c9ed3fe0c37dde093cbe4aeb9c446998ffbf61c6cef2e0305df76531399d827b6c34a02a531beb82f9d6890e0f7664e4619b41213e2c2abb17b42460c4053
SSDEEP

24576:mtFP9KwFA2GeBNbpNtu6z0XDc4NeE7uj+EkLKGNgaWFqooHgNv+82BCxb:q9r7/tu6iDXNLBR1sM5ANvl2u

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

178.214.236.32

Mutex

RuntimeBroker

Attributes

delay
500
install_path
appdata
port
3450
startup_name
RuntimeBroker

Targets

- Target
  
  5afdadce8cedaae5116cfeda28bbaaa404eab78da0294b166f4857d5825a13d5.exe
- Size
  
  1.1MB
- MD5
  
  b56f9e62246ba1a274247be7899c6e4c
- SHA1
  
  671a520327d26a074340fbf24902c8757234ba48
- SHA256
  
  5afdadce8cedaae5116cfeda28bbaaa404eab78da0294b166f4857d5825a13d5
- SHA512
  
  fe0c9ed3fe0c37dde093cbe4aeb9c446998ffbf61c6cef2e0305df76531399d827b6c34a02a531beb82f9d6890e0f7664e4619b41213e2c2abb17b42460c4053
- SSDEEP
  
  24576:mtFP9KwFA2GeBNbpNtu6z0XDc4NeE7uj+EkLKGNgaWFqooHgNv+82BCxb:q9r7/tu6iDXNLBR1sM5ANvl2u
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan