xenorat | 3f43d97c072c3f0036843ff4f0f7b9545e867bb1bcaedad4306878570f11e5cd | Triage

Sharing

General

Target

cce.exe
Size

45KB
Sample

240929-rawlysxbmm
MD5

18adc608d089e4f05ad09c9e9b1be433
SHA1

f82e2c7e1c863566f17266340ff4107818bcab78
SHA256

3f43d97c072c3f0036843ff4f0f7b9545e867bb1bcaedad4306878570f11e5cd
SHA512

21057e5bc02bf313dd04e4061df0606f2f5634b8d688d7c7072a2f22aac2e170273fa651355a8bd7c8bb9a819a47f9769a7e2af12a22c985bca17edcf0d6edac
SSDEEP

768:cdhO/poiiUcjlJIn1lH9Xqk5nWEZ5SbTDa0WI7CPW5h:Ww+jjgnLH9XqcnW85SbTtWI5

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

0.tcp.eu.ngrok.io

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
17931
startup_name
nothingset

Targets

- Target
  
  cce.exe
- Size
  
  45KB
- MD5
  
  18adc608d089e4f05ad09c9e9b1be433
- SHA1
  
  f82e2c7e1c863566f17266340ff4107818bcab78
- SHA256
  
  3f43d97c072c3f0036843ff4f0f7b9545e867bb1bcaedad4306878570f11e5cd
- SHA512
  
  21057e5bc02bf313dd04e4061df0606f2f5634b8d688d7c7072a2f22aac2e170273fa651355a8bd7c8bb9a819a47f9769a7e2af12a22c985bca17edcf0d6edac
- SSDEEP
  
  768:cdhO/poiiUcjlJIn1lH9Xqk5nWEZ5SbTDa0WI7CPW5h:Ww+jjgnLH9XqcnW85SbTtWI5
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan