xenorat | 41218c54d65efa9ea37bfcee51e294871687cddcb014e1b796c31a022c4df164 | Triage

Resubmissions

01-08-2024 19:20

240801-x2h3tsvclr 10

01-08-2024 19:20

240801-x14cdavckl 10

01-08-2024 19:19

240801-x1tsyayfmd 10

Sharing

General

Target

xero.rar
Size

6.0MB
Sample

240801-x1tsyayfmd
MD5

9f2296874fda840717a03bc4f084e01c
SHA1

25d6f7f448ac45bcb6111c052a4a78d52584aa92
SHA256

41218c54d65efa9ea37bfcee51e294871687cddcb014e1b796c31a022c4df164
SHA512

7f78babd620de9ee0ccb0ae7d65f2f26ddd065145439e785d1ee87a478cfa08f5ce848f1b047f1a8bafdd6ee36375c2a634a7082919c6bac3ca8615d82dff2a7
SSDEEP

98304:cXL+2tjqXfZivDRU2yvKsJKKro8nKv15sf62NO1dqnTWLHAOd2IyPF3kZTEy:cRYXfcDKlvtKsdntf7KdqSLHtd2IakZL

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xero_Legit

Attributes

delay
5000
install_path
appdata
port
5525
startup_name
nothingset

Targets

- Target
  
  xero/xero.exe
- Size
  
  45KB
- MD5
  
  3b55e1134c4d41bd31da43caa2e281e3
- SHA1
  
  626b6f42961606a84f55529388ba5a761f773ee0
- SHA256
  
  a250d17fc5aedefe2b11a61a8702839cf47317dc36b88e5abeb789a019787c07
- SHA512
  
  efb34525c6d2216569b981fdca53e0ca5123195d5559eedffe90aec98fdea1c49734cfeb1bb4fc38b1147059be057b64180c8d71867a93739cb27bee03af722e
- SSDEEP
  
  768:tdhO/poiiUcjlJInDQuH9Xqk5nWEZ5SbTDaWWI7CPW57:jw+jjgnRH9XqcnW85SbTvWIj
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan