xenorat | b9e7ce8956dcb00b56b550035d339beb309d227e907b0b2037ac1278b0711524 | Triage

Submit
Reports

Overview

overview

Static

static

Horionexexecutor.exe

windows7-x64

Horionexexecutor.exe

windows10-2004-x64

Sharing

General

Target

Horionexexecutor.exe
Size

468KB
Sample

241013-v4d6jsyema
MD5

59f30931892470045a237180c4df3566
SHA1

54cd26c02a62cb7af4756b74659bd275e3647fdc
SHA256

b9e7ce8956dcb00b56b550035d339beb309d227e907b0b2037ac1278b0711524
SHA512

091f00e46f8632591c43db97a5b32564fc5fee6a8267bb196209b8e7b914348bfe64c2333df8aba1b2f289882bb90db781fc1c8f55445c88899b572305e87799
SSDEEP

3072:mw+jq8yeF91UbTqLy5dUBoqcPvSqqw1QHgtUOJ/yDPjPVc2WLiK4XVfI2j:TW7yeF91UbHdXrSYiEnJ8b22Wo

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Horionexexecutor.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Horionexexecutor.exe

Resource

win10v2004-20241007-en

xenorat discovery rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

horion executor

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
horion executor

Targets

- Target
  
  Horionexexecutor.exe
- Size
  
  468KB
- MD5
  
  59f30931892470045a237180c4df3566
- SHA1
  
  54cd26c02a62cb7af4756b74659bd275e3647fdc
- SHA256
  
  b9e7ce8956dcb00b56b550035d339beb309d227e907b0b2037ac1278b0711524
- SHA512
  
  091f00e46f8632591c43db97a5b32564fc5fee6a8267bb196209b8e7b914348bfe64c2333df8aba1b2f289882bb90db781fc1c8f55445c88899b572305e87799
- SSDEEP
  
  3072:mw+jq8yeF91UbTqLy5dUBoqcPvSqqw1QHgtUOJ/yDPjPVc2WLiK4XVfI2j:TW7yeF91UbHdXrSYiEnJ8b22Wo
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2024

Terms | Privacy