xenorat | cd18fdfb3c1421f183e3b7ae865ffe3a0c19042ff4e7d8c12d89e9b70ecfa836 | Triage

Sharing

General

Target

cd18fdfb3c1421f183e3b7ae865ffe3a0c19042ff4e7d8c12d89e9b70ecfa836
Size

573KB
Sample

240813-vkw71swajb
MD5

8a387c8c25a0ca29efc0f12f192c5976
SHA1

b162424169f9c04ff0558f1eaffab4ebed29d48f
SHA256

cd18fdfb3c1421f183e3b7ae865ffe3a0c19042ff4e7d8c12d89e9b70ecfa836
SHA512

c7107faca72db4518d61f0f7636bbe4c8664f383c0463d5a9b3cd26d771c16b04df0e27f3097c13b4ddfa8e62369bc9ab3bd8a2db05a665e9974af7e2229fb05
SSDEEP

12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t471zcJIKn6Ac2EwciZb:xuDXTIGaPhEYzUzA0/071zVKn6Ac2VcG

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

10.0.2.15

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4782
startup_name
nothingset

Targets

- Target
  
  cd18fdfb3c1421f183e3b7ae865ffe3a0c19042ff4e7d8c12d89e9b70ecfa836
- Size
  
  573KB
- MD5
  
  8a387c8c25a0ca29efc0f12f192c5976
- SHA1
  
  b162424169f9c04ff0558f1eaffab4ebed29d48f
- SHA256
  
  cd18fdfb3c1421f183e3b7ae865ffe3a0c19042ff4e7d8c12d89e9b70ecfa836
- SHA512
  
  c7107faca72db4518d61f0f7636bbe4c8664f383c0463d5a9b3cd26d771c16b04df0e27f3097c13b4ddfa8e62369bc9ab3bd8a2db05a665e9974af7e2229fb05
- SSDEEP
  
  12288:xyveQB/fTHIGaPkKEYzURNAwbAgB2X+t471zcJIKn6Ac2EwciZb:xuDXTIGaPhEYzUzA0/071zVKn6Ac2VcG
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan