xenorat | 6bed3b85a45853d8b4ce39d2db9ffbb2d54f90c15bde96caf9b08245e653fcec | Triage

Resubmissions

05-09-2024 01:30

240905-bwtrgszgpr 10

02-09-2024 22:07

240902-113ydszcjg 10

Sharing

General

Target

GCclientV1.exe
Size

45KB
Sample

240902-113ydszcjg
MD5

6c0987679747dfe56c8a4bc28860cb2f
SHA1

00ff1ad0b4000be73188c8b6a8d91a4a99c48b57
SHA256

6bed3b85a45853d8b4ce39d2db9ffbb2d54f90c15bde96caf9b08245e653fcec
SHA512

4970b77b4f67de3d6731085f762daf10ebe751449671ccb7fea31076bdc941488f79136fbd697fc3e363d7a2b727604eff676012f0c75602e22b5f5411bb50c5
SSDEEP

768:5dhO/poiiUcjlJIns5C2H9Xqk5nWEZ5SbTDa8uI7CPW5d:3w+jjgnsM2H9XqcnW85SbT5uIV

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

108.234.74.132

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
temp
port
5129
startup_name
Client

Targets

- Target
  
  GCclientV1.exe
- Size
  
  45KB
- MD5
  
  6c0987679747dfe56c8a4bc28860cb2f
- SHA1
  
  00ff1ad0b4000be73188c8b6a8d91a4a99c48b57
- SHA256
  
  6bed3b85a45853d8b4ce39d2db9ffbb2d54f90c15bde96caf9b08245e653fcec
- SHA512
  
  4970b77b4f67de3d6731085f762daf10ebe751449671ccb7fea31076bdc941488f79136fbd697fc3e363d7a2b727604eff676012f0c75602e22b5f5411bb50c5
- SSDEEP
  
  768:5dhO/poiiUcjlJIns5C2H9Xqk5nWEZ5SbTDa8uI7CPW5d:3w+jjgnsM2H9XqcnW85SbT5uIV
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan