xenorat | 90174afec8bf53b5718abdb2495257926f083cec0d4b90f7d2f7dda29ccbe256 | Triage

Sharing

General

Target

90174afec8bf53b5718abdb2495257926f083cec0d4b90f7d2f7dda29ccbe256.exe
Size

349KB
Sample

240906-bw866syemm
MD5

9202eafd948a7c76d895cf64a4c29266
SHA1

01cf5b9553d08d8255f2e125e9a6272e8b40b7a7
SHA256

90174afec8bf53b5718abdb2495257926f083cec0d4b90f7d2f7dda29ccbe256
SHA512

47e7bb6b613c8f1c358108c7e1447b950109fb6fb0dbf5cadc457f628ad5bdce5874da1ca9fc8a51432c79798c03d869189145725d688500ff009f826a839512
SSDEEP

6144:QocMkAI/pFPeX8yP2jYddBTnETaxzO7KIU4ctjccYnaXYI:JkAEFeXZP2jgTwTFa4ctjccYnaXF

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

154.216.17.155

Mutex

Xeno_rat_nd8912d

Attributes

delay
50000
install_path
appdata
port
1356
startup_name
csvr

Targets

- Target
  
  90174afec8bf53b5718abdb2495257926f083cec0d4b90f7d2f7dda29ccbe256.exe
- Size
  
  349KB
- MD5
  
  9202eafd948a7c76d895cf64a4c29266
- SHA1
  
  01cf5b9553d08d8255f2e125e9a6272e8b40b7a7
- SHA256
  
  90174afec8bf53b5718abdb2495257926f083cec0d4b90f7d2f7dda29ccbe256
- SHA512
  
  47e7bb6b613c8f1c358108c7e1447b950109fb6fb0dbf5cadc457f628ad5bdce5874da1ca9fc8a51432c79798c03d869189145725d688500ff009f826a839512
- SSDEEP
  
  6144:QocMkAI/pFPeX8yP2jYddBTnETaxzO7KIU4ctjccYnaXYI:JkAEFeXZP2jgTwTFa4ctjccYnaXF
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan