xenorat | 1da503b09db301240e0e884cb784c00ac36bed73ff1589706db852fd21dc1b90 | Triage

Sharing

General

Target

Vape.Ghost.Client.exe
Size

5.2MB
Sample

240812-grj95ssfpg
MD5

35df05b7c1961a0f69bd99ea78732656
SHA1

0b6c342574f28ff311232549db6c4f147db779dc
SHA256

1da503b09db301240e0e884cb784c00ac36bed73ff1589706db852fd21dc1b90
SHA512

a19686a1d3b4366091a931d2270c8c263c504106abb9b302de6c51df271cabd6523b699c37c4333135f61699d037d640f07a15e791c220ac1dd5a190eef5eb1c
SSDEEP

98304:mR0PSTKTvyaW4YWXkOeLJGAD9hPa7TE8KTh0QcIzypHchp5leZzgD:yYwKTvBYyBqA8hPa7TEP9ZcIzyahpPKw

Score

10^/10

xenorat discovery persistence rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  Vape.Ghost.Client.exe
- Size
  
  5.2MB
- MD5
  
  35df05b7c1961a0f69bd99ea78732656
- SHA1
  
  0b6c342574f28ff311232549db6c4f147db779dc
- SHA256
  
  1da503b09db301240e0e884cb784c00ac36bed73ff1589706db852fd21dc1b90
- SHA512
  
  a19686a1d3b4366091a931d2270c8c263c504106abb9b302de6c51df271cabd6523b699c37c4333135f61699d037d640f07a15e791c220ac1dd5a190eef5eb1c
- SSDEEP
  
  98304:mR0PSTKTvyaW4YWXkOeLJGAD9hPa7TE8KTh0QcIzypHchp5leZzgD:yYwKTvBYyBqA8hPa7TEP9ZcIzyahpPKw
Score

10^/10

xenorat discovery persistence rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoverypersistencerattrojan