xenorat | c7e7be05ba49a626dab92a2a2d52dbecfd77cd307b91c231a1e01793eeed86eb | Triage

Sharing

General

Target

07082024_0919_dthsgs.exe
Size

250KB
Sample

240807-k971pswerr
MD5

8def0f85d1f18a9a6b700224c7bd9d9c
SHA1

1ac4779022750a9069e5f613200bcce258803b6d
SHA256

c7e7be05ba49a626dab92a2a2d52dbecfd77cd307b91c231a1e01793eeed86eb
SHA512

3614926f9af7332f35a725daf47e0042be035b3efcc668c1b36ee2a7a5d5a6bf3ea11301ce58ee5169d0e6bc74d8bd7ad910a0e44e2951fb40f25210eb00c170
SSDEEP

6144:Cmj4xlRcbUEZA9qYK51W31+6jWB+U7C2I:z4V2A9qYK51WpjWB+U7CL

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

cns.requimacofradian.site

Mutex

Uolid_rat_nd8889j

Attributes

delay
45000
install_path
appdata
port
1354
startup_name
vdplayer

Targets

- Target
  
  07082024_0919_dthsgs.exe
- Size
  
  250KB
- MD5
  
  8def0f85d1f18a9a6b700224c7bd9d9c
- SHA1
  
  1ac4779022750a9069e5f613200bcce258803b6d
- SHA256
  
  c7e7be05ba49a626dab92a2a2d52dbecfd77cd307b91c231a1e01793eeed86eb
- SHA512
  
  3614926f9af7332f35a725daf47e0042be035b3efcc668c1b36ee2a7a5d5a6bf3ea11301ce58ee5169d0e6bc74d8bd7ad910a0e44e2951fb40f25210eb00c170
- SSDEEP
  
  6144:Cmj4xlRcbUEZA9qYK51W31+6jWB+U7C2I:z4V2A9qYK51WpjWB+U7CL
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan