xenorat | 6f627ccaede437d4768d2bd22d6f9172077d45f239a1aeec8eaa75cf0f2f6f4d

Sharing

Copy URL

Twitter E-mail

General

Target

image logger V2.zip
Size

163KB
Sample

240908-25bkdaserf
MD5

e5849c5c4b94626f2efe6e1484e39471
SHA1

bc55f5c6dca017f2d090b006003abf6bd540a3bf
SHA256

6f627ccaede437d4768d2bd22d6f9172077d45f239a1aeec8eaa75cf0f2f6f4d
SHA512

d8696f0a782d890c66b7a1bb5a0106eda19f13c0da553211923043da2669c594eee7dc567b30e13b5e12661cf8bce5c34fc8dc0cd8b3aa81c01d98b0ebc544ea
SSDEEP

3072:0Hn8b/nedxj2zqZkfJfw+jqX491UbTKzT+1kUPR/yOKqpnfq5N0:oyqZkfqWd91UbnzP8Olc0

Score

10^/10

Malware Config

Extracted

Family

xenorat

192.168.1.164

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
java updater

Targets

- Target
  
  image logger V2/builder.py
- Size
  
  47KB
- MD5
  
  6244204ef58c4de2e459f9a4bb520635
- SHA1
  
  fe74e028e4528147cfa7a657cbe091bf6c565d27
- SHA256
  
  1619c0ac9446408cb9ef09c2aeceee06883a9dc3ee527f6aa302436a5709a04d
- SHA512
  
  e20911eeb1abba404f41eec215aa3e4f8eb4e0725131541462dd40290a34cae4f0f8ff3d50f7f176c796d37a8cbcde0edaeffa85cc6611cf0ae2f2d0e131552c
- SSDEEP
  
  768:ZIWv2dyd4tCyGdHXYHg8VShYVh9Fbedxkk2zWtZkfb:ZIWvkGd0gWyY/bbedxj2zqZkfb
Score

3^/10
behavioral1
- Target
  
  image logger V2/imageloggerV2.exe
- Size
  
  45KB
- MD5
  
  7b4b9400a241fff39ed69caf21a2bfff
- SHA1
  
  418c0cce490a23fb0845bd1126cd40d573592ce0
- SHA256
  
  a64fb3bf19974ad4369f1cbf8ab7cd5cf598462fb623788f9fd51b86b8361839
- SHA512
  
  dda3bdb11484b0f9ce83f39c7d9356fce18225775678a78d1454a1c943255b5f86a3f6deab19f575cf9596444031d97d13b62ecaa46c5c52f5c45df45b6020d0
- SSDEEP
  
  768:pdhO/poiiUcjlJInWC2H9Xqk5nWEZ5SbTDanuI7CPW5R:nw+jjgnX2H9XqcnW85SbTKuIJ
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
behavioral2
- Target
  
  image logger V2/loader.py
- Size
  
  651B
- MD5
  
  b1ea45935d1e59c8864f8ff7cda184cc
- SHA1
  
  b3c8590365273edfc33d1e2e495815595b58410c
- SHA256
  
  7b1f5c9368279f6ef42b6cf507990aa3bc6b74a69d6b987237e051e3db8c9f07
- SHA512
  
  06ad78ab9dee41d8cb472973dd6bd63fe22c0657c143e04d5647ca524f2ded1948adcdd4a2f052fdbb423d12f2d36f4a967b705cc3f68a8667ab3b86ddb21d1e
Score

3^/10
behavioral3
- Target
  
  image logger V2/tools/__pycache__/sigthief.cpython-311.pyc
- Size
  
  17KB
- MD5
  
  7289dfc40ad03586b66ee32894af1570
- SHA1
  
  66487020d17a5aa207074a0e0415fd8c799b7c0e
- SHA256
  
  a135714390bc953a2d9add7c448fdcd004c604f4e1fcfd9baf9621a6d6fc20da
- SHA512
  
  cb965b51510601b717214970b3e17b6df562f57ba655acd4aee441e4787e5bb7cce54e31685c8994e0ea6c257aeb7b4b6ff53daaca53c87abce18871cdbb5546
- SSDEEP
  
  192:d+r3oEmxQlq2qYEqG2my7lIz29d8pRmBDvW2AjCIwxgpEnennnnnndnnnndVK1Ey:kExQY/YEqGqhISvBjtAjl1t8iu1
Score

3^/10
behavioral4
- Target
  
  image logger V2/tools/__pycache__/upx.cpython-311.pyc
- Size
  
  3KB
- MD5
  
  1d0b1dd6e5760da51110f5f6a0333396
- SHA1
  
  16e73423dd73b53304d7180458a2aa65e295a50b
- SHA256
  
  a0069a2739d6c217d8f75e08cc9ca5c51d854cc1eb1ee20393e9a63ee04e22e0
- SHA512
  
  bb8c94f1d75f871ed8b6175dff6609d98d2e5d4200e7068a3658d0e0f6d075d9cc73ed631162012775e22726365ff5729231f57b2b87071bb638576b3209caff
Score

3^/10
behavioral5
- Target
  
  image logger V2/tools/obfuscation.py
- Size
  
  17KB
- MD5
  
  bda2bd11fe2b71638ec5260f223df3d6
- SHA1
  
  8c5bc08206bfbdcec999e37b1a487f6e71016450
- SHA256
  
  f16ebafbddde6335a329eb294bc5234cac3f2d36461a23b3ca0f5b0a5e3e1faa
- SHA512
  
  5b6e6b74898362e7f311f1b4ed67dd793afca9fafd810ef44e2fd815e738f858a270f92c652aa17096eb90b61bbaea33751f99b5fc5791e3167f1d14397ead3e
- SSDEEP
  
  384:WyaTMf6XTC5sblt0uevZr9g7zDRULSNKw/TKpVqNry1Ifq5aM:WPXBkOPSqpymfq5z
Score

3^/10
behavioral6
- Target
  
  image logger V2/tools/sigthief.py
- Size
  
  10KB
- MD5
  
  1be0d01d21dbb3751282eb7ed647873b
- SHA1
  
  e475be8d256eec456f64cbd5d3f603fb6aa7be6b
- SHA256
  
  9b7c335f3898b7b2564d1ab484c0b271a8c0e6ea679cf1390d1e6fce2553517a
- SHA512
  
  a934697fa989a414bfe889d36ffebf7001718f1005351bd51f9ef8b4727b9f08da9f10c23b970af8c63dcdaa0f7babcf200d863c8cc69f6eaa63d300f7a07cdf
- SSDEEP
  
  192:gPj5U9+6E0yWYSF/DwI6CRH2dCYwqSfU15dkAJH:gKyMSfUU1l
Score

3^/10
behavioral7
- Target
  
  image logger V2/tools/update.py
- Size
  
  2KB
- MD5
  
  8a6e292241e15194d5575bceae8dc70a
- SHA1
  
  ebbd4a341940ee63a4b1e19064d4ea037c556991
- SHA256
  
  58ce253dc08b47731e3ec7deebff297240cf7351ec3a832a3ca0c9a9dd55efb1
- SHA512
  
  9fd9e69d8d7d48b470c5d1630da6341d8b0bc2aa64a175291498e2592a45c8a8f372e8dcef5a8c18cc88d3467d3c42dea56ffdc4ba7b68988b38c5e64d157b09
Score

3^/10
behavioral8
- Target
  
  image logger V2/tools/updater.py
- Size
  
  1KB
- MD5
  
  b04f85b20f9061916b7248423867640c
- SHA1
  
  0fd79334f83e4714e7dae46fceba0b2a572c2cf1
- SHA256
  
  a06bf52c9e9961015d098860e17b0b6710c4ad656f717287be4786471cd5000d
- SHA512
  
  3b2bd15cf4685e49bf78a1279857b4bca6c36c4b2164f7b67b7129b60cbbc53cdb7560841e1c641945f7c9e5e6dd15db995040a625ca1b1b144d37851bddb436
Score

3^/10
behavioral9
- Target
  
  image logger V2/tools/upx.py
- Size
  
  1018B
- MD5
  
  cf4dbd207a5837c321d16355cb230ed6
- SHA1
  
  a6748651608bc650b3c826d9b6feb224cca1fcab
- SHA256
  
  4e243cf291985108ca727b92ffe43a74af6e4b692846572b0aa147735278f844
- SHA512
  
  e8565d325a38c5ab49ce142251b5205bb34dcfb5c1ba9b1a17bf403387fb8f5e95b5f8b95431298cf32fb7b7293adcc75bb490fb17465777b0e3c500df97839b
Score

3^/10
behavioral10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XenoRat Payload

XenorRat

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10