xenorat | f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707 | Triage

Sharing

General

Target

f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707.exe
Size

367KB
Sample

240731-cgh7wavgqa
MD5

3b28af41d6afa46a8e9b5707e3bfb8f7
SHA1

421755f9c95e2c7140241859983ad8665cf67b41
SHA256

f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707
SHA512

ddd508da739baacbd05c63b86dc0df4b6b74b416a332e967e8cddf16f1fec5b28ee2cf2a0c82b4ddc7e3fb11040bc15d13330cf73cfce9020cba4d605ceb1729
SSDEEP

6144:H0ths4dDpxQCc6nxbx5S9l2VFqNK8xpDSznNkBJn64nJl0lvzewww0JwwgSnvYq:HKs45p2sxKP2VSKIoznSv64nJl0lvz3t

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Tolid_rat_nd8889j

Attributes

delay
40000
install_path
temp
port
1353
startup_name
vplayer

Targets

- Target
  
  f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707.exe
- Size
  
  367KB
- MD5
  
  3b28af41d6afa46a8e9b5707e3bfb8f7
- SHA1
  
  421755f9c95e2c7140241859983ad8665cf67b41
- SHA256
  
  f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707
- SHA512
  
  ddd508da739baacbd05c63b86dc0df4b6b74b416a332e967e8cddf16f1fec5b28ee2cf2a0c82b4ddc7e3fb11040bc15d13330cf73cfce9020cba4d605ceb1729
- SSDEEP
  
  6144:H0ths4dDpxQCc6nxbx5S9l2VFqNK8xpDSznNkBJn64nJl0lvzewww0JwwgSnvYq:HKs45p2sxKP2VSKIoznSv64nJl0lvz3t
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan