General

  • Target

    Password a.rar

  • Size

    19KB

  • Sample

    240901-kp2m7awekm

  • MD5

    1a9c0e42ec58b7255874aad4971425b7

  • SHA1

    77dcb7b5da67f58d193a8e1669c76a9822e6046a

  • SHA256

    fe334383fda5544da762cfdf0e63b67f8353697bd978954eab09c6edba951488

  • SHA512

    10b878aa9bd8103b2b4e64a81df5b996f5659d705a5eaf49bfe8a8d341b48f31cb08c19fe171765dad63132ec550ba877c07fb4922f10e4934c1ef9462919efb

  • SSDEEP

    384:btxaCY994W8hZLJokQz16hBCODEE6rfCGXtYlGBiVRDwUZ6oL8m+7:iCBx2H5OqrfCGX8GBCc6dI

Malware Config

Extracted

  • Family

    xenorat

  • C2

    127.0.0.1

  • Mutex

    Xeno_rat_nd8912d

  • Attributes

    • delay

      1

    • install_path

      appdata

    • port

      69

    • startup_name

      System-33

Targets

    • Target

      Fixer/Fixer.exe

    • Size

      45KB

    • MD5

      5ef7344600895b2f13d5d8e44537d946

    • SHA1

      bdf05e86b0c923a0c1edead40cc50819b185d4c0

    • SHA256

      50866224673bc35d89ba701eaf3e794f452fecf308e9fab36be21fe8c486a9d0

    • SHA512

      9563e4b2c98e3ccc8b47c9739a9a74680c9782f1bd18d67c80fb5f85e6bc667df72978b3d7858ddb30ba522d574215b720a2792b7e9e6d34759d0cdc2eb43c69

    • SSDEEP

      768:OdhO/poiiUcjlJInMzH9Xqk5nWEZ5SbTDadWI7CPW5h:Yw+jjgnuH9XqcnW85SbTMWI5

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE
