General

  • Target: 0ecb6966a5dc7138bd15bde42ed8afb0N.exe
  • Size: 240KB
  • Sample: 240819-r943datfpr
  • MD5: 0ecb6966a5dc7138bd15bde42ed8afb0
  • SHA1: a9fb9c5d41775f19bb298d9cc07fbc67ec83c4ca
  • SHA256: 8134112787a6bc8495d55a81f935b8ac3292b221f61aad14ee94c1f86d2572c9
  • SHA512: bd5e9c0a9e675ce4881db3ec6ecf17f323a1d72eb31c7d84532086b95965fd8aa1a87520eee284379ceb767d29803ed3e94b7e76d3da011a936cdb264b6140db
  • SSDEEP: 3072:HLuAuVtuicIuUEokbfcROA3FdeIAwAd+ShRYXPDedhnwULCi2yptKId4KhMdaE7y:HLuAcpcI1Vdzl3UCyyIdMdaE7RK6I

Malware Config

Extracted

  • Family: xenorat
  • C2: 45.66.231.26
  • Mutex: Uolid_rat_nd8889j
  • Attributes
    • delay: 60000
    • install_path: appdata
    • port: 1356
    • startup_name: ace

Targets

    • XenorRat: XenorRat is a remote access trojan written in C#.
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks