xenorat | a10ceb030849738fb5c0c2b03b63428979b2f14047cbf1501fa7ff626f0e30a1 | Triage

Submit
Reports

Overview

overview

Static

static

SleezyPermSpoofer.exe

windows7-x64

SleezyPermSpoofer.exe

windows10-2004-x64

Sharing

General

Target

SleezyPermSpoofer.exe
Size

78KB
Sample

240930-ntz7pstblm
MD5

7628121165d4796f1ead2df63225b7e2
SHA1

56e0300ef52e9ef736d266a07cabf9b5bdee3c3e
SHA256

a10ceb030849738fb5c0c2b03b63428979b2f14047cbf1501fa7ff626f0e30a1
SHA512

fe9808eb871ed5ac7a08be5ec19532ddd2148c3ad4b179b7e51a378bc6ad656f5d0aafaed3837f6f0b9ef7fc361ccd8e3937cc1a4e8a33e2220fe81b8f20f0f8
SSDEEP

1536:QNo/jOtwwm0ZvHTPkorpS/WEQ55HL6VG28SPCYbxfE:QRm09dP5HLfSKYbxfE

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

SleezyPermSpoofer.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

SleezyPermSpoofer.exe

Resource

win10v2004-20240802-en

xenorat discovery rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SleezyPermSpoofer.exe
- Size
  
  78KB
- MD5
  
  7628121165d4796f1ead2df63225b7e2
- SHA1
  
  56e0300ef52e9ef736d266a07cabf9b5bdee3c3e
- SHA256
  
  a10ceb030849738fb5c0c2b03b63428979b2f14047cbf1501fa7ff626f0e30a1
- SHA512
  
  fe9808eb871ed5ac7a08be5ec19532ddd2148c3ad4b179b7e51a378bc6ad656f5d0aafaed3837f6f0b9ef7fc361ccd8e3937cc1a4e8a33e2220fe81b8f20f0f8
- SSDEEP
  
  1536:QNo/jOtwwm0ZvHTPkorpS/WEQ55HL6VG28SPCYbxfE:QRm09dP5HLfSKYbxfE
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2024

Terms | Privacy