Overview

overview

10

Static

static

3

36E570B796...47.exe

windows7-x64

10

36E570B796...47.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36E570B7964F458F06DC81B29802E947.exe

  • Size

    183KB

  • Sample

    241008-nt1hgavfkj

  • MD5

    36e570b7964f458f06dc81b29802e947

  • SHA1

    3d26217dbe9f6c2ab2c78f879e348958f304527c

  • SHA256

    0522d7e6b3fc2fbd36f0d8145de8b564146188d515099d7661de3b4d82e287f4

  • SHA512

    c8045bd9838d415ca3bdc5e39b4e13f796e7f12bb6ba83121324084c75c58c621c2ceb9fbae051908aa582cf3c949bf677856e4272c7cd35427094695d1490e0

  • SSDEEP

    3072:vmXhVaFmIuuXsb0+sMAxUNb8IYaqhObXeEFkXGQYdq7guNDFtmI:vW/FHotDMA6Nb8IYa8ObvFkXGQYdq7gc

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

87.120.116.119

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    1380

  • startup_name

    nothingset

Targets

    • Target

      36E570B7964F458F06DC81B29802E947.exe

    • Size

      183KB

    • MD5

      36e570b7964f458f06dc81b29802e947

    • SHA1

      3d26217dbe9f6c2ab2c78f879e348958f304527c

    • SHA256

      0522d7e6b3fc2fbd36f0d8145de8b564146188d515099d7661de3b4d82e287f4

    • SHA512

      c8045bd9838d415ca3bdc5e39b4e13f796e7f12bb6ba83121324084c75c58c621c2ceb9fbae051908aa582cf3c949bf677856e4272c7cd35427094695d1490e0

    • SSDEEP

      3072:vmXhVaFmIuuXsb0+sMAxUNb8IYaqhObXeEFkXGQYdq7guNDFtmI:vW/FHotDMA6Nb8IYa8ObvFkXGQYdq7gc

    Score
    10/10
    xenoratdiscoveryrattrojan

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks