Overview

overview

10

Static

static

1

ad.txt

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad.txt

  • Size

    82B

  • Sample

    240914-yqlj9atbkb

  • MD5

    504c8c0e0b0bb9532bcfab0f480eff0c

  • SHA1

    14a792b8f001e126cf7e56f87534967a59d8c5d8

  • SHA256

    8f85f7333ea3637e165803520a1e8513be10b0ea6f42c02fa9fb67ae3f5acd0e

  • SHA512

    705042cb0602e6f3fe515abcfc9b764fb401e8e2ebee2e450159dd61f6018c0c539588f561bba6cc1d49ab188fc918fb60c6f89481ae5956126f651fff7d38d1

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    5555

  • startup_name

    nothingset

Targets

    • Target

      ad.txt

    • Size

      82B

    • MD5

      504c8c0e0b0bb9532bcfab0f480eff0c

    • SHA1

      14a792b8f001e126cf7e56f87534967a59d8c5d8

    • SHA256

      8f85f7333ea3637e165803520a1e8513be10b0ea6f42c02fa9fb67ae3f5acd0e

    • SHA512

      705042cb0602e6f3fe515abcfc9b764fb401e8e2ebee2e450159dd61f6018c0c539588f561bba6cc1d49ab188fc918fb60c6f89481ae5956126f651fff7d38d1

    Score
    10/10
    xenoratdiscoveryrattrojan

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks