xenorat | 8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86 | Triage

Resubmissions

11-08-2024 02:35

240811-c3dvaa1djl 10

18-07-2024 20:18

240718-y3j7ysxfna 10

Sharing

General

Target

KNRLBOOTSTRAPPER.exe
Size

468KB
Sample

240811-c3dvaa1djl
MD5

25dd17cdd4cb0ea687bacc96f11df77f
SHA1

e35e77bbdea42a36fe4d2f456022ab07ddc1a65f
SHA256

8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86
SHA512

3144c457786e9764d8ea026d1c312e90e5158507b1133e3e477922c54a721ac29a1014d8103aba592fe2b65e831dbb8d5362968c588824894afe77de04968799
SSDEEP

6144:SWV91Ub+4jU83nN6xMrSTpNx+NgrnpGH2bRr:SiTXx

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
Xeno_manager.exe

Targets

- Target
  
  KNRLBOOTSTRAPPER.exe
- Size
  
  468KB
- MD5
  
  25dd17cdd4cb0ea687bacc96f11df77f
- SHA1
  
  e35e77bbdea42a36fe4d2f456022ab07ddc1a65f
- SHA256
  
  8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86
- SHA512
  
  3144c457786e9764d8ea026d1c312e90e5158507b1133e3e477922c54a721ac29a1014d8103aba592fe2b65e831dbb8d5362968c588824894afe77de04968799
- SSDEEP
  
  6144:SWV91Ub+4jU83nN6xMrSTpNx+NgrnpGH2bRr:SiTXx
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan