Overview

overview

10

Static

static

10

xs.exe

windows7-x64

10

xs.exe

windows10-2004-x64

10

Resubmissions

29-08-2024 08:01

240829-jwkskssgnp 10

Analysis

  • max time kernel
    509s
  • max time network
    509s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 08:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xs.exe

  • Size

    45KB

  • MD5

    104a64376edf7d06e889e2fcc8e6e62b

  • SHA1

    7b7deb77061f44e6a0bb00f689361dc50e0c6ffe

  • SHA256

    8d8e2512c933655992aae67eb76c97d5faafa9b2f99baf4e6916a4b398288f8d

  • SHA512

    af9bac66d17df421ade13ab4b9c3fcde5654c35cfb57e7ff85aa5288496077a678437c60fb225c85f39aa7aed2dab9a4523996640c37559243c37b355be5b9a2

  • SSDEEP

    768:tdhO/poiiUcjlJInlzH9Xqk5nWEZ5SbTDafWI7CPW5V:jw+jjgndH9XqcnW85SbTeWId

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

lyrics-contest.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    47112

  • startup_name

    nothingset

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\xs.exe
    "C:\Users\Admin\AppData\Local\Temp\xs.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2568-0-0x000000007441E000-0x000000007441F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-1-0x0000000000020000-0x0000000000032000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2568-2-0x0000000074410000-0x0000000074AFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2568-3-0x000000007441E000-0x000000007441F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-4-0x0000000074410000-0x0000000074AFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2568-5-0x0000000000530000-0x000000000053A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2568-6-0x0000000000580000-0x000000000058A000-memory.dmp

    Filesize

    40KB

    Download