xenorat | f1cc57e8b861331e8bdad79a3823a919144e73da49879d1d326a8be2c20a47b9 | Triage

Submit
Reports

Overview

overview

Static

static

3

c0e69f17e4...0N.exe

windows7-x64

c0e69f17e4...0N.exe

windows10-2004-x64

Sharing

General

Target

c0e69f17e4280f555c04e474daea1550N
Size

240KB
Sample

240914-t8kcpaterq
MD5

c0e69f17e4280f555c04e474daea1550
SHA1

aa4dab6524ff4454dccbfe18a2e9c7f4273c145f
SHA256

f1cc57e8b861331e8bdad79a3823a919144e73da49879d1d326a8be2c20a47b9
SHA512

62d61b9d852994e4b31b7aaf5d243b4c9ccb9d26846cb7e2ca0277e632eb7eff3429f4ab942d07bc9710a983ffeb875ee257fc2961d31a37d9a4eb2b119d8799
SSDEEP

6144:nuwfQNZBN/yx3kJTcqszwMUrSXBO0YyoyXFPI:nuwYNI0JTrMO0YyoyXFg

Score

10^/10

xenorat discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c0e69f17e4280f555c04e474daea1550N.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

c0e69f17e4280f555c04e474daea1550N.exe

Resource

win10v2004-20240802-en

xenorat discovery rat trojan

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Extracted

Family

xenorat

C2

154.216.17.155

Mutex

Xeno_rat_nd8912d

Attributes

delay
50000
install_path
appdata
port
1357
startup_name
crsr

Targets

- Target
  
  c0e69f17e4280f555c04e474daea1550N
- Size
  
  240KB
- MD5
  
  c0e69f17e4280f555c04e474daea1550
- SHA1
  
  aa4dab6524ff4454dccbfe18a2e9c7f4273c145f
- SHA256
  
  f1cc57e8b861331e8bdad79a3823a919144e73da49879d1d326a8be2c20a47b9
- SHA512
  
  62d61b9d852994e4b31b7aaf5d243b4c9ccb9d26846cb7e2ca0277e632eb7eff3429f4ab942d07bc9710a983ffeb875ee257fc2961d31a37d9a4eb2b119d8799
- SSDEEP
  
  6144:nuwfQNZBN/yx3kJTcqszwMUrSXBO0YyoyXFPI:nuwYNI0JTrMO0YyoyXFg
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy