xenorat | 118686a9d7d4838163cf6516a55ac9fac19e5f401468b6e65f626b2875228909 | Triage

Sharing

General

Target

Nitro_Gen.exe
Size

42.5MB
Sample

240810-a3wzraxemm
MD5

5b1c12152455c9b4e9fb0b855c4a8226
SHA1

8fab99c497ed5e8825ae650d0edf16bed7ad6305
SHA256

118686a9d7d4838163cf6516a55ac9fac19e5f401468b6e65f626b2875228909
SHA512

b116345db188e3f804f8f969e0bdfbda5895f24ca738710362de3a6fa79183607c954034eb29f0378f154318ccf349f7c637c086a78092c83323327cfd20e5fc
SSDEEP

393216:Z1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfR:ZMguj8Q4VfvcqFTrY7RQbCL

Score

10^/10

xenorat discovery pyinstaller rat trojan

Malware Config

Extracted

Family

xenorat

C2

188.164.195.16

Mutex

Nitro-Gen

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Nitro

Targets

- Target
  
  Nitro_Gen.exe
- Size
  
  42.5MB
- MD5
  
  5b1c12152455c9b4e9fb0b855c4a8226
- SHA1
  
  8fab99c497ed5e8825ae650d0edf16bed7ad6305
- SHA256
  
  118686a9d7d4838163cf6516a55ac9fac19e5f401468b6e65f626b2875228909
- SHA512
  
  b116345db188e3f804f8f969e0bdfbda5895f24ca738710362de3a6fa79183607c954034eb29f0378f154318ccf349f7c637c086a78092c83323327cfd20e5fc
- SSDEEP
  
  393216:Z1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfR:ZMguj8Q4VfvcqFTrY7RQbCL
Score

10^/10

xenorat discovery pyinstaller rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoverypyinstallerrattrojan

behavioral2

xenoratdiscoverypyinstallerrattrojan