xenorat | 8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501 | Triage

Sharing

General

Target

8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501
Size

45KB
Sample

241114-akn67a1hra
MD5

f4107d4e78c5eec963a173ef77c9fe80
SHA1

bb48761742c09b59ba4ed46e7c4a1ec2ce7f92a3
SHA256

8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501
SHA512

68b61f68a669253a34f7125b890e3cc59feef9e3144b03a710eb5c442af0dabc35b233c992bdf73db5709b3f9e2a9dd1206b34300ab9a72460d8ba23c636d60d
SSDEEP

768:edhO/poiiUcjlJInJ3EH9Xqk5nWEZ5SbTDaiuI7CPW5V:ow+jjgnlEH9XqcnW85SbTHuId

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

davidkholio.ddns.net

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501
- Size
  
  45KB
- MD5
  
  f4107d4e78c5eec963a173ef77c9fe80
- SHA1
  
  bb48761742c09b59ba4ed46e7c4a1ec2ce7f92a3
- SHA256
  
  8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501
- SHA512
  
  68b61f68a669253a34f7125b890e3cc59feef9e3144b03a710eb5c442af0dabc35b233c992bdf73db5709b3f9e2a9dd1206b34300ab9a72460d8ba23c636d60d
- SSDEEP
  
  768:edhO/poiiUcjlJInJ3EH9Xqk5nWEZ5SbTDaiuI7CPW5V:ow+jjgnlEH9XqcnW85SbTHuId
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan