xenorat | 539a58a1170401dbb64c402f4e03b1c9883d30672b75198ffda7bb9640484510 | Triage

Submit
Reports

Overview

overview

Static

static

3

EzFN-Manager.exe

windows11-21h2-x64

Sharing

General

Target

EzFN-Manager.exe
Size

10.4MB
Sample

241026-hvwm1sseqr
MD5

1f24ca7841dd7d5328febbc5a8518798
SHA1

5424c27529156e0ab6901a4a4b46960bbaffbe09
SHA256

539a58a1170401dbb64c402f4e03b1c9883d30672b75198ffda7bb9640484510
SHA512

d91dac18fbab67481faa1092eff9b0483a42b2db49ad36b09a5b96e43c05632be3779cac2020bacf979b5efe0f4571c80f68de2ff4caeb99a836cf21bc5f62d7
SSDEEP

196608:kM8XyYXdMb+KCbyxS0rSZ3XEAC5D8pWvLjvROiqofozrF3DW8TKLlf8U6BhdXrOP:kM8Wb+zs43XEnl8pqLjvROiqofozZ3Dg

Score

10^/10

xenorat defense_evasion discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

EzFN-Manager.exe

Resource

win11-20241007-en

xenorat defense_evasion discovery rat trojan

windows11-21h2-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

kooper420-24319.portmap.host

Mutex

Microsoft

Attributes

install_path
appdata
port
24319
startup_name
Mobile Device

Targets

- Target
  
  EzFN-Manager.exe
- Size
  
  10.4MB
- MD5
  
  1f24ca7841dd7d5328febbc5a8518798
- SHA1
  
  5424c27529156e0ab6901a4a4b46960bbaffbe09
- SHA256
  
  539a58a1170401dbb64c402f4e03b1c9883d30672b75198ffda7bb9640484510
- SHA512
  
  d91dac18fbab67481faa1092eff9b0483a42b2db49ad36b09a5b96e43c05632be3779cac2020bacf979b5efe0f4571c80f68de2ff4caeb99a836cf21bc5f62d7
- SSDEEP
  
  196608:kM8XyYXdMb+KCbyxS0rSZ3XEAC5D8pWvLjvROiqofozrF3DW8TKLlf8U6BhdXrOP:kM8Wb+zs43XEnl8pqLjvROiqofozZ3Dg
Score

10^/10

xenorat defense_evasion discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdefense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy