xenorat | 2e89ff6b1959ae040a5dd304480ddeddb3f76e89695a0370a5b8d4b2845f074b | Triage

Sharing

General

Target

2232323.exe
Size

45KB
Sample

241101-1vjmkaxnaq
MD5

b29c60d18239bd3677b221b369b6d948
SHA1

964606ddf4cf4c10747c3f47f125fb064e572e7b
SHA256

2e89ff6b1959ae040a5dd304480ddeddb3f76e89695a0370a5b8d4b2845f074b
SHA512

56ced4c2607e37ccedadfe3d1e22867396d8da15d920b5e3b7ccd0ac501da4c227948239384d6e0853958565f1cd0fdfbb4f41ebd99528abf8a81aa6a9bac989
SSDEEP

768:xdhO/poiiUcjlJInvvH9Xqk5nWEZ5SbTDaJWI7CPW55:vw+jjgn3H9XqcnW85SbTAWIh

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  2232323.exe
- Size
  
  45KB
- MD5
  
  b29c60d18239bd3677b221b369b6d948
- SHA1
  
  964606ddf4cf4c10747c3f47f125fb064e572e7b
- SHA256
  
  2e89ff6b1959ae040a5dd304480ddeddb3f76e89695a0370a5b8d4b2845f074b
- SHA512
  
  56ced4c2607e37ccedadfe3d1e22867396d8da15d920b5e3b7ccd0ac501da4c227948239384d6e0853958565f1cd0fdfbb4f41ebd99528abf8a81aa6a9bac989
- SSDEEP
  
  768:xdhO/poiiUcjlJInvvH9Xqk5nWEZ5SbTDaJWI7CPW55:vw+jjgn3H9XqcnW85SbTAWIh
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan