General

  • Target

    Arkhavis.exe

  • Size

    45KB

  • Sample

    240912-y8tzcasglj

  • MD5

    1cf6d40fb37a46fa8e586441e4218421

  • SHA1

    d6235a7da398d420f97e57f02faadb12fdec1a9f

  • SHA256

    86bbb24cb5eb36b70ba26e8d56c912707626596f7169ecb72d6897784e83f94a

  • SHA512

    f9d682d4387b209eb4da820eb1b0b4e451588a5888052658a8a9ffe71342be345a16bab7539d6444db7adaf83c0b1b918ddedeaa3a3ab67acecb94d0afe35a43

  • SSDEEP

    768:5dhO/poiiUcjlJInuC2H9Xqk5nWEZ5SbTDaHuI7CPW5R:3w+jjgnP2H9XqcnW85SbTiuIZ

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    Arkhavis

Targets

    • Target

      Arkhavis.exe

    • Size

      45KB

    • MD5

      1cf6d40fb37a46fa8e586441e4218421

    • SHA1

      d6235a7da398d420f97e57f02faadb12fdec1a9f

    • SHA256

      86bbb24cb5eb36b70ba26e8d56c912707626596f7169ecb72d6897784e83f94a

    • SHA512

      f9d682d4387b209eb4da820eb1b0b4e451588a5888052658a8a9ffe71342be345a16bab7539d6444db7adaf83c0b1b918ddedeaa3a3ab67acecb94d0afe35a43

    • SSDEEP

      768:5dhO/poiiUcjlJInuC2H9Xqk5nWEZ5SbTDaHuI7CPW5R:3w+jjgnP2H9XqcnW85SbTiuIZ

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE
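The extracted configuration above is enough to hunt for this sample on a host, even though its C2 is the loopback address and so would never beacon off the analysis machine (network indicators from this build are useless at the perimeter; the host artefacts are not). As an added example that is not part of the sandbox report or of the XenoRAT code, the Python below turns the config into concrete indicators (Run-key value name, drop location, mutex, C2 port) and evaluates them against a constructed set of endpoint telemetry records, one per signature listed above. Assumptions, also marked in the code: install_path "appdata" is read as %APPDATA% (the per-user Roaming folder), startup_name is read as the value name under the HKCU Run key, and the "Checks computer location settings" signature is taken to correspond to a read of HKCU\Control Panel\International\Geo\Nation.

```python
"""Host-hunting checks derived from the extracted XenoRAT config.

Added example, not from the sandbox report or from XenoRAT itself.
Assumptions: install_path "appdata" -> %APPDATA% (Roaming); startup_name
-> HKCU Run value name; the location check -> a read of
HKCU\\Control Panel\\International\\Geo\\Nation.  Telemetry is constructed.
"""
import ipaddress
import ntpath

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "c2": "127.0.0.1",
    "port": 4444,
    "mutex": "Xeno_rat_nd8912d",
    "delay_ms": 5000,
    "install_path": "appdata",
    "startup_name": "Arkhavis",
}
SAMPLE_SHA256 = "86bbb24cb5eb36b70ba26e8d56c912707626596f7169ecb72d6897784e83f94a"

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"  # assumed key behind the location check
INSTALL_DIRS = {"appdata": "%APPDATA%"}                    # assumed meaning of install_path


def build_indicators(cfg):
    """Derive concrete host and network indicators from the extracted config."""
    return {
        "mutex": cfg["mutex"],
        "run_key": RUN_KEY,
        "run_value_name": cfg["startup_name"],            # assumption: value name == startup_name
        "drop_dir": INSTALL_DIRS.get(cfg["install_path"], cfg["install_path"]),
        "drop_file": cfg["startup_name"] + ".exe",         # assumption: dropped copy keeps the name
        "c2": cfg["c2"],
        "port": cfg["port"],
        # A loopback C2 never leaves the host, so hunt on host artefacts, not netflow.
        "c2_is_loopback": ipaddress.ip_address(cfg["c2"]).is_loopback,
    }


def _in_drop_dir(path, drop_dir):
    """True if `path` sits under `drop_dir`; %APPDATA% is matched by its Roaming
    suffix so the check works without knowing the user name."""
    p = path.lower()
    if drop_dir == "%APPDATA%":
        return "\\appdata\\roaming\\" in p
    return p.startswith(drop_dir.lower().rstrip("\\") + "\\")


def evaluate(telemetry, cfg):
    """Return the sorted list of finding ids raised by `telemetry` against `cfg`."""
    ind = build_indicators(cfg)
    drop = ind["drop_file"].lower()
    findings = set()
    for ev in telemetry:
        kind = ev["type"]
        if kind == "mutex_create" and ev["name"] == ind["mutex"]:
            findings.add("xenorat_mutex")
        elif (kind == "registry_set" and ev["key"].lower() == ind["run_key"].lower()
              and ev["value_name"].lower() == ind["run_value_name"].lower()):
            findings.add("run_key_persistence")
        elif kind == "registry_read" and ev["key"].lower() == GEO_KEY.lower():
            findings.add("location_check")
        elif (kind == "file_write" and ntpath.basename(ev["path"]).lower() == drop
              and _in_drop_dir(ev["path"], ind["drop_dir"])):
            findings.add("dropped_in_appdata")
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                findings.add("dropped_file_hash_match")
        elif (kind == "process_create" and ntpath.basename(ev["image"]).lower() == drop
              and _in_drop_dir(ev["image"], ind["drop_dir"])):
            findings.add("executes_dropped_exe")
        elif kind == "network_connect" and ev["dst_port"] == ind["port"]:
            loop = ipaddress.ip_address(ev["dst_ip"]).is_loopback
            findings.add("c2_port_loopback" if loop else "c2_connection")
    return sorted(findings)


# Constructed telemetry: one record per reported behaviour plus benign noise.
TELEMETRY = [
    {"type": "file_write", "path": r"C:\Users\victim\AppData\Roaming\Arkhavis.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "registry_set", "key": RUN_KEY, "value_name": "Arkhavis",
     "data": r"C:\Users\victim\AppData\Roaming\Arkhavis.exe"},
    {"type": "mutex_create", "name": "Xeno_rat_nd8912d"},
    {"type": "registry_read", "key": GEO_KEY},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Roaming\Arkhavis.exe"},
    {"type": "network_connect", "dst_ip": "127.0.0.1", "dst_port": 4444},
    {"type": "registry_set", "key": RUN_KEY, "value_name": "OneDrive",      # benign
     "data": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "network_connect", "dst_ip": "203.0.113.10", "dst_port": 443},  # benign
]

if __name__ == "__main__":
    for finding in evaluate(TELEMETRY, CONFIG):
        print(finding)
```

The mutex name and the Run-key value name are the cheapest pivots here: both are fixed in the builder output and survive a rename of the dropped file. The loopback C2 is flagged separately from a real outbound connection so a triage analyst does not read port 4444 traffic to 127.0.0.1 as an external beacon.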
