General

  • Target

    362ac7810efa8ad0551457f6b19be25616143bafbc4e602abae0d05b7ce22323

  • Size

    255KB

  • Sample

    240801-c7nkaaxfnm

  • MD5

    cb4be9bd6b075afb7fab01b184871c22

  • SHA1

    3c97f7cefaa3bcbc367da0a6d177788799902e07

  • SHA256

    362ac7810efa8ad0551457f6b19be25616143bafbc4e602abae0d05b7ce22323

  • SHA512

    a4b53c7f155a67ed51e67c7666ce61c83228baed2961433001a9c266d18aa5930fb71cbbb50aa0057a2f8f203803966e51731537bb8a4d51cc3f3beafaf0fdb7

  • SSDEEP

    6144:7A9r6h5uyxEW1H+gRsjMk+48UBbBR6X7K0sjT0Mi:E9uh57pJZ948UBYoPg

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Tolid_rat_nd8889j

Attributes

  • delay

    40000

  • install_path

    temp

  • port

    1353

  • startup_name

    vplayer
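The extracted configuration above is directly usable as a set of host and network indicators: the C2 address and port, the Run-key value name used for persistence, and the sample hashes. The following Python is an added example written for this page (not code from the sandbox, the report, or the malware) that turns those values into checks and runs them over a few constructed Sysmon-style events in a simplified key=value export format; the event lines, the path C:\Users\u\AppData\Local\Temp and the log layout are all assumptions made for the example. The mutex is not checked because Sysmon does not log mutex creation; it is an indicator for memory or handle inspection rather than event logs.

```python
"""Added example: IOC checks built from the XenoRAT config on this page,
run over CONSTRUCTED Sysmon-style events. Illustrative only; not part of
the sandbox report or the malware."""
import re

# Values taken from the Malware Config and hash fields of this report.
XENORAT_IOCS = {
    "c2_ip": "45.66.231.63",
    "c2_port": 1353,
    "mutex": "Tolid_rat_nd8889j",      # informational; not checked in logs
    "startup_name": "vplayer",         # Run-key value name for persistence
    "sha256": {
        "362ac7810efa8ad0551457f6b19be25616143bafbc4e602abae0d05b7ce22323",
        "f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707",
    },
}

# Constructed sample events (assumed simplified "key=value" Sysmon export).
# Event 0: network connection to the C2 (Sysmon EventID 3).
# Event 2: Run-key value set with the configured startup name (EventID 13).
# Event 4: process creation whose SHA256 matches a known sample (EventID 1).
SAMPLE_EVENTS = [
    "EventID=3 Image=C:\\Users\\u\\AppData\\Local\\Temp\\vplayer.exe "
    "DestinationIp=45.66.231.63 DestinationPort=1353",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=142.250.74.46 DestinationPort=443",
    "EventID=13 Image=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\"
    "CurrentVersion\\Run\\vplayer",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=AAAA",
    "EventID=1 Image=C:\\Users\\u\\Downloads\\f81185426901a3519e4d8d030d67"
    "7ecf8a50d873fecfdd3980ef3ccfac785707.exe "
    "Hashes=SHA256=F81185426901A3519E4D8D030D677ECF8A50D873FECFDD3980EF3CCFAC785707",
]


def parse_event(line):
    """Parse 'key=value key=value ...' into a dict.

    A value runs until the next ' key=' token, so paths containing spaces
    (e.g. 'C:\\Program Files\\...') survive intact.
    """
    return {m.group(1): m.group(2)
            for m in re.finditer(r"(\w+)=(.*?)(?=\s+\w+=|$)", line)}


def match_event(ev, iocs=XENORAT_IOCS):
    """Return the list of IOC names this parsed event matches (may be empty)."""
    hits = []
    # Network: connection to the configured C2 on the configured port.
    if ev.get("EventID") == "3" and ev.get("DestinationIp") == iocs["c2_ip"]:
        if ev.get("DestinationPort") == str(iocs["c2_port"]):
            hits.append("c2_connection")
        else:
            hits.append("c2_ip_other_port")   # same host, different port
    # Persistence: Run-key value named with the configured startup_name.
    if ev.get("EventID") == "13":
        pattern = r"\\CurrentVersion\\Run\\" + re.escape(iocs["startup_name"]) + r"$"
        if re.search(pattern, ev.get("TargetObject", ""), re.IGNORECASE):
            hits.append("run_key_persistence")
    # Hash: SHA256 of the created process matches a known sample.
    m = re.search(r"SHA256=([0-9A-Fa-f]{64})", ev.get("Hashes", ""))
    if m and m.group(1).lower() in iocs["sha256"]:
        hits.append("known_sample_hash")
    return hits


def scan(lines, iocs=XENORAT_IOCS):
    """Return [(line_index, hits)] for every line matching at least one IOC."""
    results = []
    for i, line in enumerate(lines):
        hits = match_event(parse_event(line), iocs)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The port check is kept separate from the IP check on purpose: a connection to the C2 host on an unexpected port is still worth surfacing, since the operator can change the listening port without changing the address.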

Targets

    • Target

      f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707.exe

    • Size

      367KB

    • MD5

      3b28af41d6afa46a8e9b5707e3bfb8f7

    • SHA1

      421755f9c95e2c7140241859983ad8665cf67b41

    • SHA256

      f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707

    • SHA512

      ddd508da739baacbd05c63b86dc0df4b6b74b416a332e967e8cddf16f1fec5b28ee2cf2a0c82b4ddc7e3fb11040bc15d13330cf73cfce9020cba4d605ceb1729

    • SSDEEP

      6144:H0ths4dDpxQCc6nxbx5S9l2VFqNK8xpDSznNkBJn64nJl0lvzewww0JwwgSnvYq:HKs45p2sxKP2VSKIoznSv64nJl0lvz3t

    • XenoRAT

      XenoRAT is a remote access trojan written in C#.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state (including the instruction pointer) of a suspended thread; it is a common step in process hollowing and other code-injection techniques.
