xenorat | 7c6128c14c5b288d416ac1bf21867189707461a9e2fa7751242c4442a60fbc26 | Triage

Sharing

General

Target

bootstrapper.exe
Size

45KB
Sample

241006-h28k6azaka
MD5

e81a0f3b4984dec8536b391263fa387d
SHA1

e93a4e6c2c1deed94da6fccfd0500c71f4a8fab0
SHA256

7c6128c14c5b288d416ac1bf21867189707461a9e2fa7751242c4442a60fbc26
SHA512

888f75ac223a4f31e152d6943fa4030789cdb3a5d75ef529d3541ec6d109afdae8fbfc5434e3afae9c59db9b6616caae83c09b996546153d4ae3591eb5f7520b
SSDEEP

768:hdhO/poiiUcjlJIngtUH9Xqk5nWEZ5SbTDacWI7CPW55:fw+jjgnuUH9XqcnW85SbT1WIB

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
temp
port
4444
startup_name
Client

Targets

- Target
  
  bootstrapper.exe
- Size
  
  45KB
- MD5
  
  e81a0f3b4984dec8536b391263fa387d
- SHA1
  
  e93a4e6c2c1deed94da6fccfd0500c71f4a8fab0
- SHA256
  
  7c6128c14c5b288d416ac1bf21867189707461a9e2fa7751242c4442a60fbc26
- SHA512
  
  888f75ac223a4f31e152d6943fa4030789cdb3a5d75ef529d3541ec6d109afdae8fbfc5434e3afae9c59db9b6616caae83c09b996546153d4ae3591eb5f7520b
- SSDEEP
  
  768:hdhO/poiiUcjlJIngtUH9Xqk5nWEZ5SbTDacWI7CPW55:fw+jjgnuUH9XqcnW85SbT1WIB
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan