Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-09-2024 06:25

General

  • Target

    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe

  • Size

    45KB

  • MD5

    5b3f57b1d811d88346716113e7065670

  • SHA1

    979019d60baf35022d7dec4ceaad24be9406ea0b

  • SHA256

    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bb

  • SHA512

    b22d791ce20e72f3b3f8227d2ba22a1544b77ecc7a166c676ad8abb1dbfcf17a4bb9d71e7da92d886ab462000b961933b80ae851a776a94e3ead3d75b16cd028

  • SSDEEP

    768:rdhO/poiiUcjlJIn2HH9Xqk5nWEZ5SbTDaeuI7CPW5p:Zw+jjgncH9XqcnW85SbTbuIx

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

qw14gwerf

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    443

  • startup_name

    nothingset

Signatures

  • Detect XenoRat Payload 1 IoCs
  • XenorRat

    XenorRat is a remote access trojan written in C#.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
    "C:\Users\Admin\AppData\Local\Temp\84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:3016

Network

    No results found
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe
  • 127.0.0.1:443
    84819dc1cbe38af270eb808549bfa13de8398cbe65d98a79e55dba9f79a403bbN.exe

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3016-0-0x0000000074CAE000-0x0000000074CAF000-memory.dmp

    Filesize

    4KB

  • memory/3016-1-0x00000000012B0000-0x00000000012C2000-memory.dmp

    Filesize

    72KB

  • memory/3016-2-0x0000000074CA0000-0x000000007538E000-memory.dmp

    Filesize

    6.9MB

  • memory/3016-3-0x0000000074CAE000-0x0000000074CAF000-memory.dmp

    Filesize

    4KB

  • memory/3016-4-0x0000000074CA0000-0x000000007538E000-memory.dmp

    Filesize

    6.9MB
