General

  • Target

    071b34db990e638a009be9150667028f.exe

  • Size

    50KB

  • Sample

    240921-rbkwvawcql

  • MD5

    071b34db990e638a009be9150667028f

  • SHA1

    65543849fe430e318eaecfda9df0e83ba1295100

  • SHA256

    b74d5e183bf67a8eb626871a81386a832270929adbb554d568f7988494052e41

  • SHA512

    8d2b2d3a358f9c95d125b73b58058a1408cc360818e28bb9667f5a82edc7216f7205778413682d8e9548dafced304c07ad0fcb669672201dd0fe01294ad3c5f5

  • SSDEEP

    1536:8SqFroF0UEPmLCEQjkaKFW8TnWfrjAzRVfY4oxIh:8SqFJPXKE8rSrjAY4os

Malware Config

Targets

    • Target

      071b34db990e638a009be9150667028f.exe

    • Size

      50KB

    • MD5

      071b34db990e638a009be9150667028f

    • SHA1

      65543849fe430e318eaecfda9df0e83ba1295100

    • SHA256

      b74d5e183bf67a8eb626871a81386a832270929adbb554d568f7988494052e41

    • SHA512

      8d2b2d3a358f9c95d125b73b58058a1408cc360818e28bb9667f5a82edc7216f7205778413682d8e9548dafced304c07ad0fcb669672201dd0fe01294ad3c5f5

    • SSDEEP

      1536:8SqFroF0UEPmLCEQjkaKFW8TnWfrjAzRVfY4oxIh:8SqFJPXKE8rSrjAY4os

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks