Overview

overview

10

Static

static

10

Xeno cracked.exe

windows7-x64

10

Xeno cracked.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Xeno cracked.exe

  • Size

    45KB

  • Sample

    240831-ldlchawgqj

  • MD5

    59307cec9fb56ca3d3ae65fae24346b4

  • SHA1

    cf118db01073c3c1a761c2edee06272f0b53d04e

  • SHA256

    9cb32b8bc56f56963b0e7c14649177329b6d995e8fd0d8045d9efea9ad567bff

  • SHA512

    58da19d63fe21446991488590fbbe952e4ce4956160985c8536d545b28506fb8cea84ea8f478fbdb1b34bd9b794b4edaa0dc444ec30e7bbe26d7a8a928ec1a0f

  • SSDEEP

    768:OdhO/poiiUcjlJInX3EH9Xqk5nWEZ5SbTDatuI7CPW5/:Yw+jjgnHEH9XqcnW85SbTIuIH

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

192.168.8.31

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    25565

  • startup_name

    nothingset

Targets

    • Target

      Xeno cracked.exe

    • Size

      45KB

    • MD5

      59307cec9fb56ca3d3ae65fae24346b4

    • SHA1

      cf118db01073c3c1a761c2edee06272f0b53d04e

    • SHA256

      9cb32b8bc56f56963b0e7c14649177329b6d995e8fd0d8045d9efea9ad567bff

    • SHA512

      58da19d63fe21446991488590fbbe952e4ce4956160985c8536d545b28506fb8cea84ea8f478fbdb1b34bd9b794b4edaa0dc444ec30e7bbe26d7a8a928ec1a0f

    • SSDEEP

      768:OdhO/poiiUcjlJInX3EH9Xqk5nWEZ5SbTDatuI7CPW5/:Yw+jjgnHEH9XqcnW85SbTIuIH

    Score
    10/10
    xenoratdiscoveryrattrojan

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks