xenorat | f452d308667d9c6dff85c5d17ad8a791a9b2d4a8ecd4d976b2213888d79063e5 | Triage

Sharing

General

Target

f452d308667d9c6dff85c5d17ad8a791a9b2d4a8ecd4d976b2213888d79063e5
Size

42.5MB
Sample

240810-a2cjqa1fld
MD5

7fc35dab36cbce9c5e3272232e561ddb
SHA1

f2f8c41c6e486269f20a989a70172ec57faef1ee
SHA256

f452d308667d9c6dff85c5d17ad8a791a9b2d4a8ecd4d976b2213888d79063e5
SHA512

f63f925397f37fd96a959129f49bb9de81b0eeaf0a20ac323d6d8a03fe1c02496b9624044bb889bc9892e24b9df870ab3a1c1f01a12bbe23df23a7418a4ba8c3
SSDEEP

393216:Z1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfb:ZMguj8Q4VfvZqFTrYwIrRy19dLY1E

Score

10^/10

xenorat discovery pyinstaller rat trojan

Malware Config

Extracted

Family

xenorat

C2

76.109.192.116

Mutex

Nitro-Gen

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Nitro

Targets

- Target
  
  f452d308667d9c6dff85c5d17ad8a791a9b2d4a8ecd4d976b2213888d79063e5
- Size
  
  42.5MB
- MD5
  
  7fc35dab36cbce9c5e3272232e561ddb
- SHA1
  
  f2f8c41c6e486269f20a989a70172ec57faef1ee
- SHA256
  
  f452d308667d9c6dff85c5d17ad8a791a9b2d4a8ecd4d976b2213888d79063e5
- SHA512
  
  f63f925397f37fd96a959129f49bb9de81b0eeaf0a20ac323d6d8a03fe1c02496b9624044bb889bc9892e24b9df870ab3a1c1f01a12bbe23df23a7418a4ba8c3
- SSDEEP
  
  393216:Z1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfb:ZMguj8Q4VfvZqFTrYwIrRy19dLY1E
Score

10^/10

xenorat discovery pyinstaller rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xenoratdiscoverypyinstallerrattrojan