General

  • Target

    Pago pendientes.doc

  • Size

    141KB

  • Sample

    240826-s1xgls1ere

  • MD5

    1eefd150be33d5969d86f5dd82774291

  • SHA1

    383a690269b80ca756e98387d6fcb6f7b9ae6c80

  • SHA256

    e62a8640510e8a72b5f5b9115b94439df31cfe186970ce831fc2ac200605dcaf

  • SHA512

    692e502198fe40e08bdb58f9864051663eb661990c5f0bc2165a86d79f57f5354c5d17b45495cc1562b166222f5ecf45923a77c8310393f67884fac6f471aa5b

  • SSDEEP

    1536:XuonbOonbOonbV2mW7T+Y7Tx/RvvRdvkRRFbBoW5zzyJZjgkZrcrcrcuu9AUl/nl:K1DYGoMACJOue3flR5Pq3HWn08XQYp

Malware Config

Extracted

  • Family

    xenorat

  • C2

    45.66.231.26

  • Mutex

    Uolid_rat_nd8889j

  • Attributes

    • delay

      60000

    • install_path

      appdata

    • port

      1356

    • startup_name

      ace

Targets

    • Target

      Pago pendientes.doc

    • Size

      141KB

    • MD5

      1eefd150be33d5969d86f5dd82774291

    • SHA1

      383a690269b80ca756e98387d6fcb6f7b9ae6c80

    • SHA256

      e62a8640510e8a72b5f5b9115b94439df31cfe186970ce831fc2ac200605dcaf

    • SHA512

      692e502198fe40e08bdb58f9864051663eb661990c5f0bc2165a86d79f57f5354c5d17b45495cc1562b166222f5ecf45923a77c8310393f67884fac6f471aa5b

    • SSDEEP

      1536:XuonbOonbOonbV2mW7T+Y7Tx/RvvRdvkRRFbBoW5zzyJZjgkZrcrcrcuu9AUl/nl:K1DYGoMACJOue3flR5Pq3HWn08XQYp

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
