xenorat | c608bdd745898e19de5dc85942912f2d61727017932fedb4328a4242e64a5521

Sharing

Copy URL

Twitter E-mail

General

Target

Release.zip
Size

2.5MB
Sample

240906-1qbfdszbqp
MD5

eaee0ff03c04e223580b6d82c926de3c
SHA1

908871c8b35476444e0a0d95b517db62583a25a1
SHA256

c608bdd745898e19de5dc85942912f2d61727017932fedb4328a4242e64a5521
SHA512

162175a266fc11c3c9c6d58e89a4978f5ef88ffeeb28018e6eaf38320b3e1af6d2598c51f170ff7cd6929ac0d339e249e01e4196bad0340f254759dc34d94291
SSDEEP

49152:yiNPitcKGRKwt0yy+sEp/s0aHx9psNe1aUxKAWNyL1LI6vKFqXBJs1AK5JdE:yiNaiKGEOJQnsNejKAq4JIbFqXB0ndE

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Targets

- Target
  
  Release/plugins/Chat.dll
- Size
  
  11KB
- MD5
  
  1dbfe9236bd915fc575d058ab026dbf5
- SHA1
  
  120368bed3da7852bb3f85112c845a51d9324af2
- SHA256
  
  16e4786dd7a245bce630be805c754ee104dfb932346c28f655c7559c36d368bc
- SHA512
  
  cec6fb91337e1d881b5c9ad3823678e29b530480acfe462abc267ed4883888282a5e8b976db6dbb954cb3810dfcceeb40e1beb71dd6e987f7890c1206765a3c4
- SSDEEP
  
  192:NKKZUEl+O7yduI9/SJuiCoxENny9+E8cr2a8Vk+C:gKZUm+N0IyCoxENng+Ed21Vk+C
Score

1^/10
behavioral1 behavioral2
- Target
  
  Release/plugins/File manager.dll
- Size
  
  16KB
- MD5
  
  9f159f0c5302219931c8bad4d926340b
- SHA1
  
  10e22627b54493182500d973aaf7b3f2fe81d6f6
- SHA256
  
  266d4f5493addc7e1ffe013ca72bd9228599c0aebca03116adb59c4dc75cca4f
- SHA512
  
  c6edbb1dcf1ae6fbc567b1e313cc83da2cc6e1a2f4cbfad8c10af61d111937fef3ff9b22a8aae63fd259f0ca0e430ca8d7d7512e543f7b84d360c3567d91d860
- SSDEEP
  
  384:hnlp9lrtlsVEgj94aTAQVD/LQ2h9md7+KGjynpY1qRQNcmS99m1E4muKHGrJxE6G:Pdr7KH2ujcNgEhTmrJnSNv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Release/plugins/Fun.dll
- Size
  
  10KB
- MD5
  
  c87e248ddb9bec97b132ee616b5b9e4d
- SHA1
  
  ddd715a1171697a472ceb7e76141e56661a9b887
- SHA256
  
  22001b55c1b3e7dede5d8277003bfee4ef10cc9e9e105018b1db6b0c7d43a529
- SHA512
  
  661f26aaa95c80dafc5a27fd40da73fad729bd2637684c7122e65a0d47af490f35d3a567095aef518e5069ed0715d507857689d40ebf62549566bbcc08cfecef
- SSDEEP
  
  192:CUnoWhQZ6XiYn2JJeGPgfR85+E9EcgdTXIaONBhMU:CUnriEX0JJeG4fSF9EceJO3hMU
Score

1^/10
behavioral5 behavioral6
- Target
  
  Release/plugins/Hvnc.dll
- Size
  
  37KB
- MD5
  
  434e59c68f37298a956d7c3a3ce95a16
- SHA1
  
  e0f82f0204fc6aea2f205e2cb70b838753857f1e
- SHA256
  
  9e9b73b88c4f499ddfacad44600ba7ab1a167d756c70355c1e48c4301ced19ae
- SHA512
  
  66dff006e517a82eefab78a935ce52d390e34137a146fdc3b5f49457719d08b264fdb2b6497d3c0e34580e53a93d71ed22f7dbc60f2e214d8e8b00d3d4eea57c
- SSDEEP
  
  768:dWlicSg2Dr2L4xFM7cZFy5SXoZy9AxgZNzcsXd3:dWliHxhZFtooRTgYd
Score

1^/10
behavioral7 behavioral8
- Target
  
  Release/plugins/InfoGrab.dll
- Size
  
  965KB
- MD5
  
  5c065909115410dff8f51302388a3887
- SHA1
  
  6ea404a42e4a34e33439ffa7c3900c88a633c50d
- SHA256
  
  71c8a4bf4a2a9d522a7e663a058134a19931c42cf27ab2f3575c4aaff0cc9286
- SHA512
  
  d06a08550fe37953286d95d5cf52e2148be7917eef69dfd05beb8192da4b1396c876dc4c6168afedac1532aa59b778947099e4527c5bce569753755912a0a5d9
- SSDEEP
  
  24576:IGlTjiaeAeOTKAzbARntW+hZxCNqbo6RVX8sa6AtWZl2cjv:IGNjiSZTKAzkltDhTCcVX8saTtWyc
Score

1^/10
behavioral10 behavioral9
- Target
  
  Release/plugins/KeyLogger.dll
- Size
  
  10KB
- MD5
  
  d720b2913f96044c8d0e0c7b9d9fda80
- SHA1
  
  47b3c7e76dcf988d99e74229c8828912ba6f00fe
- SHA256
  
  8e45483894b9eac84e1f85352d221d6da6700e1bb505557a315e7830d9fdb051
- SHA512
  
  eb9df82e044ece5bf2ebcd2ba3f7f27603325e0dd8ad1fddca29cab57956a478a51adbb4d02d6dfe29e5c547955d03977bd7ad194ef36965ba42e74346231dda
- SSDEEP
  
  192:ANUy4+lcKKegMf3Fw72VddFE5ij9eT0pqfAp0FSvtCKts+HBQK:ANUhLTegK9V1E5ij9eT0pqfAp0FSIK2U
Score

1^/10
behavioral11 behavioral12
- Target
  
  Release/plugins/KeyLoggerOffline.dll
- Size
  
  20KB
- MD5
  
  d76c8cc9559d1f0ae9729dc399af11d2
- SHA1
  
  b1eccde399e2ef67abba9911e1974d1d07dff929
- SHA256
  
  eae3559f23034ef01b18b6cfd36101f46b79b359d7a82a3ba5671f37769e4ef6
- SHA512
  
  c42809a8f33460e61a91e06003286caa875abb86eba7e9b1aefcd36f43c9962db1c72b50b4aba7e61199b08da96dd022ed023dcfc9ca01501dc8a4ba9e36c018
- SSDEEP
  
  384:3hQwETvQ1kuczBhB/vfAuRUmz1nU2TvxRHVEAidn9eT0pqfAp0FS8EQ1NSR:R7GBhauRxnUmRH0/z9Q1NSR
Score

1^/10
behavioral13 behavioral14
- Target
  
  Release/plugins/LiveMicrophone.dll
- Size
  
  494KB
- MD5
  
  b69fdc57a5847ff48ea62f3a652e13eb
- SHA1
  
  2464ea9a6acf23e699daf2685643cb868c4ce5bd
- SHA256
  
  2aa64c827eba115df9c42be07730656ba8c094fa216a8e083823ceb03292944e
- SHA512
  
  ff88772aae64fdcf2eb36f634de83f94ba19bf042ae6a5599d6e1e8d88f2b0ccf675999097e1fe1a3eb05c7e584118334bf3c787113e7b027d3958d05d0e6100
- SSDEEP
  
  6144:iEEBgI4IqKU1zPffsFPdrpzdY2SwCSfTlHBQWpvrHkx4r79ZQf9yZ86DyXlmqwHF:iCCUlom2SDSIWpvrHm3mVn6Va
Score

1^/10
behavioral15 behavioral16
- Target
  
  Release/plugins/ProcessManager.dll
- Size
  
  17KB
- MD5
  
  c651742709ad78ee0ee5996bbeac7e79
- SHA1
  
  d37cf9f6872a9b1ac9487f7eac647db02654f2cd
- SHA256
  
  5297be7c2866be1ab9c4b301ead3a02c1b8b766ef58f75ba0cfe1bf47c1303ff
- SHA512
  
  85b20be079b6e54fcabd02b5ea68a1249b506ea99c6b2ca20785c1fe27d7ff4f6c1e7588a88a8f6eea01487eed49ad035a0952306b0ad1290616d9ac41c06c36
- SSDEEP
  
  384:2BQdWoTosNId4jlFN2kg3EHEeGdhCd1JIhLUSOZAnVb:2wagId4jQEZdriN
Score

1^/10
behavioral17 behavioral18
- Target
  
  Release/plugins/Registry Manager.dll
- Size
  
  12KB
- MD5
  
  3d2b29f0e89cbf96a5269b2da25d1dd2
- SHA1
  
  ecf93f2f7405111fc571129abd587747c6d88df9
- SHA256
  
  12d8e3a70cd132202193035786ec80990151aa0f684e66bbc522a49bb5f9c804
- SHA512
  
  21066a0c44afe13d667db1a73349757e7eed5f3a2005bf4b108715158496f518f8a95db414cbfeea4fd021a6b16e6371267759cb7ba536d0e686f7c0b1fbe388
- SSDEEP
  
  192:RQ/AstzyaRFzlMXR5DfXXb5BCOrv6qOBPEUbafINUu:yVZFzlMXRFXCGEBPEUBH
Score

1^/10
behavioral19 behavioral20
- Target
  
  Release/plugins/ReverseProxy.dll
- Size
  
  16KB
- MD5
  
  a537046f841881a29508bd64133e89cb
- SHA1
  
  2aec79f9e069ae80f479a895a4d997759289ef58
- SHA256
  
  0852e21406712d75123d7213b891f6556f028bd57e47816cdc24334b50382042
- SHA512
  
  9172e54eca613f3f0c49fadfb3f85de1c06bd281c360da1bf944ce958ba4b4ab1e8c6e5cbb15a800c5e2d71d629af99d7af2eceb37422162abb6088302691b65
- SSDEEP
  
  384:zWKm5T9gh+LrV3NLn5KjcEBkyWDdQnW7MbPF:CvUIlNLn5MkjpMW7MbPF
Score

1^/10
behavioral21 behavioral22
- Target
  
  Release/plugins/ScreenControl.dll
- Size
  
  17KB
- MD5
  
  dd0f3d65493829f99635b824aaae91d7
- SHA1
  
  0396ab0068a3fc3524c4ed14822184e7ae8fdac4
- SHA256
  
  6ca6c29f9562bd06fc7c2b96d95fda7a9621c4b980d1a1da61c2845403eb4012
- SHA512
  
  c0d1359c4e9f1ffb2c602a491648f5e98283248dee6df1ef18e515c3950dee9e9676b3ef18e8d9641428381403d529515640b06c380ccd50df3eff70e8fa45b7
- SSDEEP
  
  384:XZDWDn+f+7UK1GqcXJKt3RbSMMb2avWdsEj/b2e:pPVySMFDrb2e
Score

1^/10
behavioral23 behavioral24
- Target
  
  Release/plugins/Shell.dll
- Size
  
  9KB
- MD5
  
  478cdb794cd0b51209f418d36973e7d6
- SHA1
  
  03581ec2635e917ed6da72a0711ba7d97b9b31ff
- SHA256
  
  5e0ab0cc84517a157db29cf592150c78af9ebf0d7275c56e54cba72f4409c6f3
- SHA512
  
  9c379205a2a0c6d37b183656c8e9cc25e56e6d2297dc4426056cdb937446d81fa624a0e785326fab2e593044435c4945a1eebbb0fedf3087648c18a510321428
- SSDEEP
  
  192:y0hBg4l5h+W6+FtyesV7u5guvbEJtZ06hQWYd:y0HrRd59bEJtZ0yQWy
Score

1^/10
behavioral25 behavioral26
- Target
  
  Release/plugins/Startup.dll
- Size
  
  6KB
- MD5
  
  fcd0f7ce0bc384a9ec0a45700b593017
- SHA1
  
  0a87d0a98accbee7b9ba76f4c8c9fa082e2b32e9
- SHA256
  
  b243876c37a4b9f603b3233e9d7217950a64a39cd5f976efc56e3fdaa4c34ee7
- SHA512
  
  283f1dba918cfcf669138eeb612145fe6240d61c66eb6bcac95a1285533e9f364ecdfc16f004692e65293bc1d30967fff20560a0b0fe5124378b9e7b694452e4
- SSDEEP
  
  96:KL2Y9OJCE5Bdx2dix/BKsa7kh+qxH5Bxhj+0p6kGljIzKnMy1MOgM03M:XXfOO7V+0palj2A
Score

1^/10
behavioral27 behavioral28
- Target
  
  Release/plugins/SystemPower.dll
- Size
  
  6KB
- MD5
  
  9037cec7e271e96b26de16b2d6266f58
- SHA1
  
  4aba4dc4c076f850f150ae5607b864675e3e1656
- SHA256
  
  e58cf76a4c921f0303f2ce8a0d57be34161d5d5dc82643789f31f864e6b2d2c1
- SHA512
  
  0ce3d5bd229adaf6e83b76c20b0bd89a5ea571601573cf19ef3b736cd2509f241bbea15de377f85abf08db02d3a2756e0ef1e73d45fe65d7bc7ad97896948550
- SSDEEP
  
  48:6Q0YkMWTBK/pal72gw2wS43qLirMZAxW52Qivmd4M2UP+o1nEGh+4yUJ6xnckqti:x5ah2ZSlNWxW5BxZP+UEL4FksqMl8
Score

1^/10
behavioral29 behavioral30
- Target
  
  Release/plugins/Uacbypass.dll
- Size
  
  15KB
- MD5
  
  50a8d346c3753b29c83ac900de631b93
- SHA1
  
  fb9d7734213e0bd4b6eb3b84a73f21b7d1f2c58d
- SHA256
  
  c7e0725b5f8b7dd2d4798ff4a4463ebbf7c6bff0176245e1528d89a520029c83
- SHA512
  
  530931d89db4e70804d973b67e59ecac250abcdcbf90fc49ae9e5de19c1619486a59627d04ced6fa33535010e590792811ef2d4383ff2d7ef0efcc2e343250a1
- SSDEEP
  
  384:QYLXL+JSznydDFyfl69Wdecb2V/0MoViEBS6YHK:QEYF6698b2xCBS6Yq
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32