Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://mega.nz/file/0lVF2C5S#tRrh4fU--cDJCl5c0s7U4f6O3q1U-tsuNOdC51qF9sQ

  • Sample

    240814-wrzr6a1clr

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

147.185.221.19

Mutex

8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    64704

  • startup_name

    exploitz

Targets

    • Target

      https://mega.nz/file/0lVF2C5S#tRrh4fU--cDJCl5c0s7U4f6O3q1U-tsuNOdC51qF9sQ

    Score
    10/10
    xenoratdiscoveryrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks