Overview

overview

10

Static

static

3

2024-09-29...uk.exe

windows7-x64

1

2024-09-29...uk.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-09-29_0ecc69497bfd0ed6477cd052abdc26c2_ryuk

  • Size

    12.5MB

  • Sample

    240929-w2d87sydme

  • MD5

    0ecc69497bfd0ed6477cd052abdc26c2

  • SHA1

    026e312c3a6002cbfbcb2522f07b509eedd89c20

  • SHA256

    abc242f7c5ef7c85c38a5101ceb9897032a2e24bbd9558810eb03b9121bf0fcb

  • SHA512

    4beedc6b2afeb395bc34b9384478897c1e6749cb5e6e6403cdf5ec9f7ec4df310bbe56a677a1e82b2e4c17e1a7e91305a507b1c79c29369feab4b02dbb5639a5

  • SSDEEP

    393216:0JLqi6PpxRBQ+7IqVZPoFka4GsHwSrewvEWOxXqOkSR2gvS:7isxR3h8kt1/iw8H2

Score
10/10
xenoratdefense_evasiondiscoveryexecutionrattrojan

Malware Config

Targets

    • Target

      2024-09-29_0ecc69497bfd0ed6477cd052abdc26c2_ryuk

    • Size

      12.5MB

    • MD5

      0ecc69497bfd0ed6477cd052abdc26c2

    • SHA1

      026e312c3a6002cbfbcb2522f07b509eedd89c20

    • SHA256

      abc242f7c5ef7c85c38a5101ceb9897032a2e24bbd9558810eb03b9121bf0fcb

    • SHA512

      4beedc6b2afeb395bc34b9384478897c1e6749cb5e6e6403cdf5ec9f7ec4df310bbe56a677a1e82b2e4c17e1a7e91305a507b1c79c29369feab4b02dbb5639a5

    • SSDEEP

      393216:0JLqi6PpxRBQ+7IqVZPoFka4GsHwSrewvEWOxXqOkSR2gvS:7isxR3h8kt1/iw8H2

    Score
    10/10
    xenoratdefense_evasiondiscoveryexecutionrattrojan

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

      defense_evasion

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks