xenorat | e20a68d2f697e867867fa7a54688b02d80f7703a4134747fb1c4f90068cd76c6 | Triage

Sharing

General

Target

svc.exe
Size

45KB
Sample

240903-a7a8vascjn
MD5

75cf1faac1fbab522db5273d2916eb02
SHA1

b3ede9b5b70d9742a576c6f8e70e3961a24612a8
SHA256

e20a68d2f697e867867fa7a54688b02d80f7703a4134747fb1c4f90068cd76c6
SHA512

ab2946a0f8d00b66f5a0e86573eb129c3a536ae36351144f51ed6857be975a14d02b0a6df1ab9172a251fbf88baa976ecef3410e45fa4bb2ea406c2c9edbd1e2
SSDEEP

768:hdhO/poiiUcjlJInUbqmH9Xqk5nWEZ5SbTDawWI7CPW5K:fw+jjgnWH9XqcnW85SbThWIS

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

10.200.166.240

Mutex

svchost

Attributes

delay
5000
install_path
appdata
port
4895
startup_name
svchost.exe

Targets

- Target
  
  svc.exe
- Size
  
  45KB
- MD5
  
  75cf1faac1fbab522db5273d2916eb02
- SHA1
  
  b3ede9b5b70d9742a576c6f8e70e3961a24612a8
- SHA256
  
  e20a68d2f697e867867fa7a54688b02d80f7703a4134747fb1c4f90068cd76c6
- SHA512
  
  ab2946a0f8d00b66f5a0e86573eb129c3a536ae36351144f51ed6857be975a14d02b0a6df1ab9172a251fbf88baa976ecef3410e45fa4bb2ea406c2c9edbd1e2
- SSDEEP
  
  768:hdhO/poiiUcjlJInUbqmH9Xqk5nWEZ5SbTDawWI7CPW5K:fw+jjgnWH9XqcnW85SbThWIS
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan