General

  • Target

    Ro-Aimbot.exe

  • Size

    45KB

  • Sample

    241005-pbnxdsxdnh

  • MD5

    2c06419f8810e416616ce7cae79e805e

  • SHA1

    a34a5dc3e77b6f0168a45b7deb29a8b2d1c2c5d1

  • SHA256

    2c113e88191ce895f1559e9ea794b1d7023d704ed5293c74d3b797900492c8cf

  • SHA512

    aee4105cc93d843013896d70b49f2ef269f152e2287340e13914c5825147f843beea3c33f2657b6cba29f9838007f9d6b2b942dec1382260f11975f4e4c414c9

  • SSDEEP

    768:HdhO/poiiUcjlJInobqmH9Xqk5nWEZ5SbTDaTWI7CPW5j:9w+jjgnKH9XqcnW85SbTKWI7

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

RobloxCheates

Attributes

  • delay

    5000

  • install_path

    appdata

  • port

    4782

  • startup_name

    JavaUpdate

Targets

    • Target

      Ro-Aimbot.exe

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
