General

  • Target

    d28c0acdda42e00b3d4eb37b09266900N.exe

  • Size

    45KB

  • Sample

    240818-hhqw1a1crg

  • MD5

    d28c0acdda42e00b3d4eb37b09266900

  • SHA1

    c62e7c201391a4c3afe865c6ee689d58f676db0d

  • SHA256

    ec1c8fb43eb1f94c7541cecac7f7daf095e832e3ceef4cb7522c2694131fa4a6

  • SHA512

    b97f29b9159359d75242ba5e1e450fb25607b731c88795a470902ba2fef742262d2dff3da8e6276d5823c3e92ef71e4de11de0bb9339757976676d49f815e6b7

  • SSDEEP

    768:OdhO/poiiUcjlJIn39SH9Xqk5nWEZ5SbTDabuI7CPW5p:Yw+jjgn3oH9XqcnW85SbTOuIR

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8522412d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    53697

  • startup_name

    javaw.exe
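
The extracted configuration above is only useful once it is turned into host and network indicators and run against telemetry. The following Python is an added example written for this page, not code from Triage or from the XenoRat project. It copies the config values from the report, assumes (the page does not say this) that the extractor's "appdata" token means %APPDATA% (Roaming) and that startup_name is both the dropped file name and the Run-key value name, and runs the derived indicators over a few constructed telemetry records. Note the caveat it encodes: a 127.0.0.1 C2 is a loopback address, so this build yields no usable network address indicator, only a port.

```python
"""Derive IOCs from the extracted XenoRat config and match them against
constructed telemetry. Added example for this report page; not Triage's or
XenoRat's own code. Paths are Windows-style but the script runs anywhere."""
import ipaddress
import ntpath

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "family": "xenorat",
    "c2": "127.0.0.1",
    "port": 53697,
    "mutex": "Xeno_rat_nd8522412d",
    "delay": 5000,
    "install_path": "appdata",
    "startup_name": "javaw.exe",
}

# Assumption (not stated on the page): the extractor's "appdata" token maps to
# %APPDATA%, i.e. a path containing \AppData\Roaming\.
INSTALL_ROOT = {"appdata": "\\appdata\\roaming\\"}


def derive_iocs(config):
    """Turn the raw config into matchable indicators plus a usability flag."""
    c2 = ipaddress.ip_address(config["c2"])
    return {
        "mutex": config["mutex"],
        "drop_dir_fragment": INSTALL_ROOT[config["install_path"].lower()],
        "file_name": config["startup_name"].lower(),
        "port": config["port"],
        "c2": str(c2),
        # Loopback / private C2 means a builder default or test build: the
        # address cannot identify an external server, so only the port remains.
        "c2_usable": not (c2.is_loopback or c2.is_private),
    }


def _is_dropped_copy(path, iocs):
    """True only for the configured file name inside the configured drop dir,
    so a legitimate javaw.exe under Program Files does not match."""
    p = path.lower()
    return iocs["drop_dir_fragment"] in p and ntpath.basename(p) == iocs["file_name"]


def match_events(events, iocs):
    """Return (event_index, reason) for every record that hits an indicator."""
    hits = []
    for i, ev in enumerate(events):
        kind = ev["type"]
        if kind == "mutex" and ev["name"] == iocs["mutex"]:
            hits.append((i, "mutex"))
        elif kind == "process" and _is_dropped_copy(ev["image"], iocs):
            hits.append((i, "dropped_exe"))
        elif (kind == "registry"
              and ev["key"].lower().endswith("\\currentversion\\run")
              and (ev["value"].lower() == iocs["file_name"]
                   or _is_dropped_copy(ev["data"], iocs))):
            hits.append((i, "run_key"))
        elif kind == "network" and ev["dport"] == iocs["port"]:
            # With an unusable C2 address we fall back to a port-only match,
            # which is low confidence and should be corroborated by a host hit.
            if not iocs["c2_usable"] or ev["dst"] == iocs["c2"]:
                hits.append((i, "c2_port"))
    return hits


# Constructed telemetry for the demo; none of it comes from the report.
EVENTS = [
    {"type": "process", "image": "C:\\Program Files\\Java\\jre-17\\bin\\javaw.exe"},  # real JRE, no hit
    {"type": "process", "image": "C:\\Users\\bob\\AppData\\Roaming\\javaw.exe"},      # dropped copy
    {"type": "mutex", "name": "Xeno_rat_nd8522412d"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "javaw.exe", "data": "C:\\Users\\bob\\AppData\\Roaming\\javaw.exe"},
    {"type": "network", "dst": "127.0.0.1", "dport": 53697},
    {"type": "network", "dst": "93.184.216.34", "dport": 443},                          # benign, no hit
]

if __name__ == "__main__":
    iocs = derive_iocs(CONFIG)
    print("usable C2 address:", iocs["c2_usable"])
    for idx, reason in match_events(EVENTS, iocs):
        print(f"event {idx}: {reason} -> {EVENTS[idx]}")
```

The mutex and the AppData drop path are the strong indicators here; the port alone is weak, and the loopback C2 should be read as a sign that this particular build is a default or test configuration rather than as a reachable server.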

Targets

    • Target

      d28c0acdda42e00b3d4eb37b09266900N.exe

    • Size

      45KB

    • MD5

      d28c0acdda42e00b3d4eb37b09266900

    • SHA1

      c62e7c201391a4c3afe865c6ee689d58f676db0d

    • SHA256

      ec1c8fb43eb1f94c7541cecac7f7daf095e832e3ceef4cb7522c2694131fa4a6

    • SHA512

      b97f29b9159359d75242ba5e1e450fb25607b731c88795a470902ba2fef742262d2dff3da8e6276d5823c3e92ef71e4de11de0bb9339757976676d49f815e6b7

    • SSDEEP

      768:OdhO/poiiUcjlJIn39SH9Xqk5nWEZ5SbTDabuI7CPW5p:Yw+jjgn3oH9XqcnW85SbTOuIR

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks