xenorat | 3112a7d89b1501287adc07bee141cb5d01fb6072a8600aa571fe81b0f1bc15af | Triage

Submit
Reports

Overview

overview

Static

static

viruses.exe

windows7-x64

viruses.exe

windows10-1703-x64

viruses.exe

windows10-2004-x64

viruses.exe

windows11-21h2-x64

Sharing

General

Target

viruses.exe
Size

212KB
Sample

240908-ek1bnsxana
MD5

da012664ec1359efc6bee1a1f7ceb336
SHA1

e3699468cc560df41ae5581037188f9ea428242c
SHA256

3112a7d89b1501287adc07bee141cb5d01fb6072a8600aa571fe81b0f1bc15af
SHA512

2004842c9d25ee3a380167e00494b064067717daf981fc483e1890676e842ef0f02d3d7d9eabb951bfdf84697760e79fc6b4ac65678d1db22f5f02c5562d4a76
SSDEEP

1536:Pw+jjgnWH9XqcnW85SbT2WIIUqo6nZ8f8:Pw+jqY91UbT2uC6nc8

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

viruses.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

14 signatures

30 seconds

Behavioral task

behavioral2

Sample

viruses.exe

Resource

win10-20240404-en

xenorat discovery rat trojan

windows10-1703-x64

15 signatures

30 seconds

Behavioral task

behavioral3

Sample

viruses.exe

Resource

win10v2004-20240802-en

xenorat discovery rat trojan

windows10-2004-x64

16 signatures

30 seconds

Behavioral task

behavioral4

Sample

viruses.exe

Resource

win11-20240802-en

xenorat discovery rat trojan

windows11-21h2-x64

15 signatures

30 seconds

Malware Config

Extracted

Family

xenorat

C2

tragiciscool-36173.portmap.host

Mutex

hatetranspeople@123-skids-only-downloaded-this-shit-lmao!

Attributes

delay
1
install_path
appdata
port
36173
startup_name
Windows Defender

Targets

- Target
  
  viruses.exe
- Size
  
  212KB
- MD5
  
  da012664ec1359efc6bee1a1f7ceb336
- SHA1
  
  e3699468cc560df41ae5581037188f9ea428242c
- SHA256
  
  3112a7d89b1501287adc07bee141cb5d01fb6072a8600aa571fe81b0f1bc15af
- SHA512
  
  2004842c9d25ee3a380167e00494b064067717daf981fc483e1890676e842ef0f02d3d7d9eabb951bfdf84697760e79fc6b4ac65678d1db22f5f02c5562d4a76
- SSDEEP
  
  1536:Pw+jjgnWH9XqcnW85SbT2WIIUqo6nZ8f8:Pw+jqY91UbT2uC6nc8
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

behavioral3

xenoratdiscoveryrattrojan

behavioral4

xenoratdiscoveryrattrojan

© 2018-2024

Terms | Privacy