xenorat | 7de228298eaaff167f41c57c511e4935940432825425225b1a62933e967f7518 | Triage

Sharing

General

Target

2b6f6836db46f93418fadfdb93672fe5.bin
Size

2.6MB
Sample

240826-bg639sxgpq
MD5

8fd9bd3b9057b6d52add13168284c6ee
SHA1

b632857eb854ad24bbc468dc72dba6c2d5af40fe
SHA256

7de228298eaaff167f41c57c511e4935940432825425225b1a62933e967f7518
SHA512

e28e8eb4cb8bd1502e1dd2f272a641daf942740b5a0c1b5b3e87782527e610a748e95b1c5cfbe9f27f9b2fc70368413a332204221ff77cd5e616b36f126e6c04
SSDEEP

49152:1FuGaGV7hUfOvVcwtxgNnJURokvh6qVgKaHQgd+OBu1MIRMrCkM9ixy:jnhUm5tex+o66hLHQ+ZM9ixy

Score

10^/10

xenorat discovery rat trojan

Malware Config

Targets

- Target
  
  15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7.exe
- Size
  
  2.6MB
- MD5
  
  2b6f6836db46f93418fadfdb93672fe5
- SHA1
  
  27337907aa2d151ca7f8588ee9b6892e53585bb0
- SHA256
  
  15b7a9a420c80d9e2609f3933a23b233ddb6b3a0a6d0f28a92a20d2016f36cd7
- SHA512
  
  b76bbd1f84474d0e975bb1a202c85805d9e3e4f402da6c97917b6e782356ec91f7dcefc8c482c1f92208646c42383dc5fdc716b54fc40b06f10913b57ddc863a
- SSDEEP
  
  49152:MrQubkKYX4y96FhuD1qeMqlcnN2T2VVtxCmnmX8uSUwaHFyy:MrONB96fuhXMqiGQVtxHnLuSdal
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan