General

  • Target

    Fixer.rar

  • Size

    19KB

  • Sample

    240901-mcnlxaydkg

  • MD5

    3b0a03d0073cabc8814c29eb8638550c

  • SHA1

    1ee5d0cd2060afdc2556c7361ea7a3dfa4311705

  • SHA256

    8c50b01988e0e4134e623d602f82c33c22add9e337cf403a590288ad95711031

  • SHA512

    db7acd1d4f03537e91e2bb5f935068654665f00735d6184715ec8e9dee568430c1e721b703248ca96abee0ff3444f1d9281073bc835cccfa6b27b1354206aff9

  • SSDEEP

    384:bmK1U/j5/ajMNNN3zYecSjnX/kenJIGj1Lkewhu8C1h/:qGU/j5yjeb8ecSjnX3hRwRY8up

Malware Config

Extracted

  • Family

    xenorat

  • C2

    127.0.0.1

  • Mutex

    Xeno_rat_nd8912d

Attributes
  • delay

    1

  • install_path

    appdata

  • port

    69

  • startup_name

    System-33

Targets

    • Target

      Fixer/Fixer.exe

    • Size

      45KB

    • MD5

      5ef7344600895b2f13d5d8e44537d946

    • SHA1

      bdf05e86b0c923a0c1edead40cc50819b185d4c0

    • SHA256

      50866224673bc35d89ba701eaf3e794f452fecf308e9fab36be21fe8c486a9d0

    • SHA512

      9563e4b2c98e3ccc8b47c9739a9a74680c9782f1bd18d67c80fb5f85e6bc667df72978b3d7858ddb30ba522d574215b720a2792b7e9e6d34759d0cdc2eb43c69

    • SSDEEP

      768:OdhO/poiiUcjlJInMzH9Xqk5nWEZ5SbTDadWI7CPW5h:Yw+jjgnuH9XqcnW85SbTMWI5

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks