xenorat | 009c7b94b0d9541477c43105707754fa3ad4962dc561533a4a0b86689f2518db | Triage

Sharing

General

Target

gdfgdfgfdg.exe
Size

45KB
Sample

240813-224rra1arc
MD5

b1ff6fc37c6f30705b60421bad837ba1
SHA1

86c14aa784f97ac9018bd33d2b2cda2606dc0679
SHA256

009c7b94b0d9541477c43105707754fa3ad4962dc561533a4a0b86689f2518db
SHA512

5bb2f33b6d7663a88290e0bffc81470614455da4ebf5ea8aae4e8b38b41d702dce1ca47616808f2cfd48c6061b935ec1379281bb43e56f4e1c153e1abb67ba09
SSDEEP

768:1dhO/poiiUcjlJInUonH9Xqk5nWEZ5SbTDawWI7CPW56:Lw+jjgn/nH9XqcnW85SbTJWIS

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

related-directed.gl.at.ply.gg

Mutex

TestingRat

Attributes

install_path
appdata
port
3403
startup_name
nothingset

Targets

- Target
  
  gdfgdfgfdg.exe
- Size
  
  45KB
- MD5
  
  b1ff6fc37c6f30705b60421bad837ba1
- SHA1
  
  86c14aa784f97ac9018bd33d2b2cda2606dc0679
- SHA256
  
  009c7b94b0d9541477c43105707754fa3ad4962dc561533a4a0b86689f2518db
- SHA512
  
  5bb2f33b6d7663a88290e0bffc81470614455da4ebf5ea8aae4e8b38b41d702dce1ca47616808f2cfd48c6061b935ec1379281bb43e56f4e1c153e1abb67ba09
- SSDEEP
  
  768:1dhO/poiiUcjlJInUonH9Xqk5nWEZ5SbTDawWI7CPW56:Lw+jjgn/nH9XqcnW85SbTJWIS
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan