General

  • Target

    2B6F6836DB46F93418FADFDB93672FE5.exe

  • Size

    2.6MB

  • Sample

    240824-qhsdts1hkg

  • MD5

    2b6f6836db46f93418fadfdb93672fe5

  • SHA1

    27337907aa2d151ca7f8588ee9b6892e53585bb0

  • SHA256

    15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7

  • SHA512

    b76bbd1f84474d0e975bb1a202c85805d9e3e4f402da6c97917b6e782356ec91f7dcefc8c482c1f92208646c42383dc5fdc716b54fc40b06f10913b57ddc863a

  • SSDEEP

    49152:MrQubkKYX4y96FhuD1qeMqlcnN2T2VVtxCmnmX8uSUwaHFyy:MrONB96fuhXMqiGQVtxHnLuSdal

Malware Config

Extracted

Family

xenorat

C2

178.214.236.32

Targets

    • Target

      2B6F6836DB46F93418FADFDB93672FE5.exe

    • Size

      2.6MB

    • MD5

      2b6f6836db46f93418fadfdb93672fe5

    • SHA1

      27337907aa2d151ca7f8588ee9b6892e53585bb0

    • SHA256

      15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7

    • SHA512

      b76bbd1f84474d0e975bb1a202c85805d9e3e4f402da6c97917b6e782356ec91f7dcefc8c482c1f92208646c42383dc5fdc716b54fc40b06f10913b57ddc863a

    • SSDEEP

      49152:MrQubkKYX4y96FhuD1qeMqlcnN2T2VVtxCmnmX8uSUwaHFyy:MrONB96fuhXMqiGQVtxHnLuSdal

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger
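The hashes and C2 address above are the report's actionable IOCs. As an added example (not part of the sandbox report), the following Python turns them into two checks a responder would run: an exact-match hash lookup against a file's bytes, and a scan of firewall log lines for connections to the extracted C2. The log lines, their key=value format and the port numbers are constructed for illustration; the report records only the address 178.214.236.32, not a port.

```python
import hashlib
import re

# IOCs copied from the sandbox report (sample 240824-qhsdts1hkg).
IOC_HASHES = {
    "md5": "2b6f6836db46f93418fadfdb93672fe5",
    "sha1": "27337907aa2d151ca7f8588ee9b6892e53585bb0",
    "sha256": "15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7",
    "sha512": "b76bbd1f84474d0e975bb1a202c85805d9e3e4f402da6c97917b6e782356ec91"
              "f7dcefc8c482c1f92208646c42383dc5fdc716b54fc40b06f10913b57ddc863a",
}
# Extracted xenorat C2 from the report's Malware Config block.
C2_ADDRESSES = {"178.214.236.32"}


def match_hashes(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the names of every algorithm whose digest of `data` equals the IOC value.

    Any non-empty result means `data` is byte-for-byte the reported sample. This is an
    exact match only: a repacked or recompiled build of the same RAT will not hit here,
    which is why the report also carries an ssdeep value for fuzzy comparison.
    """
    return sorted(
        name for name, value in iocs.items()
        if hashlib.new(name, data).hexdigest() == value.lower()
    )


def check_file(path: str, iocs: dict = IOC_HASHES) -> list:
    """Hash a file on disk and report which IOC digests it matches."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read(), iocs)


# Constructed log format (assumption): "<ts> <host> src=<ip> dst=<ip> dport=<n> action=<a>".
DST_RE = re.compile(r"\bsrc=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) dst=(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\b")


def find_c2_connections(lines, c2=C2_ADDRESSES) -> list:
    """Return (source_ip, line) for every log line whose destination is a known C2.

    Both allowed and denied connections are returned: a denied attempt still identifies
    an infected host that should be pulled for the dropped-EXE/DLL artefacts above.
    """
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m and m.group("dst") in c2:
            hits.append((m.group("src"), line))
    return hits


# Constructed sample lines; ports and internal addresses are invented for the example.
SAMPLE_LOGS = [
    "2024-08-24T10:15:02Z fw01 src=10.1.4.23 dst=142.250.74.46 dport=443 action=allow",
    "2024-08-24T10:15:09Z fw01 src=10.1.4.23 dst=178.214.236.32 dport=7000 action=allow",
    "2024-08-24T10:16:40Z fw01 src=10.1.7.9 dst=178.214.236.32 dport=7000 action=deny",
    "2024-08-24T10:17:01Z fw01 src=10.1.7.9 dst=178.214.236.3 dport=7000 action=allow",
]


def infected_hosts(lines=SAMPLE_LOGS, c2=C2_ADDRESSES) -> list:
    """Distinct internal sources that reached for the C2, sorted for stable output."""
    return sorted({src for src, _ in find_c2_connections(lines, c2)})


if __name__ == "__main__":
    print("hosts contacting C2:", infected_hosts())
```

The regex anchors on the full dotted quad, so the near-miss 178.214.236.3 in the last constructed line is not reported; when hunting in real logs, feed the exact address set rather than a prefix match for the same reason.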

MITRE ATT&CK Enterprise v15

Tasks