xenorat | 8abfafa85a7109f7a6b5c010333fe1aa4a9feac5c225a4e7dd87e7ac09efe271 | Triage

Sharing

General

Target

output_script.ps1
Size

60KB
Sample

241115-1s14tsslbt
MD5

d2c91090b3463475fa41bb45e31955da
SHA1

e8caae205de7a85b3857a93516ef60ce9d3fb2ba
SHA256

8abfafa85a7109f7a6b5c010333fe1aa4a9feac5c225a4e7dd87e7ac09efe271
SHA512

ad155fcefd2c3b9df6fabd14ebfaf4e8d73648aa69ee01dfd90c188faa17bf5a0c011049ca3702d77c49a0d770fc288dce7e970173876714d00967bbb627f2fa
SSDEEP

1536:rqzkCPZcgt/fREZ1J5k4rX5uyC+ZgwiHNv+xYEnR6/q:rufnhtvy6S

Score

10^/10

xenorat discovery execution rat trojan

Malware Config

Extracted

Family

xenorat

C2

195.88.218.66

Mutex

Loli

Attributes

delay
5000
install_path
appdata
port
30101
startup_name
Edge

Targets

- Target
  
  output_script.ps1
- Size
  
  60KB
- MD5
  
  d2c91090b3463475fa41bb45e31955da
- SHA1
  
  e8caae205de7a85b3857a93516ef60ce9d3fb2ba
- SHA256
  
  8abfafa85a7109f7a6b5c010333fe1aa4a9feac5c225a4e7dd87e7ac09efe271
- SHA512
  
  ad155fcefd2c3b9df6fabd14ebfaf4e8d73648aa69ee01dfd90c188faa17bf5a0c011049ca3702d77c49a0d770fc288dce7e970173876714d00967bbb627f2fa
- SSDEEP
  
  1536:rqzkCPZcgt/fREZ1J5k4rX5uyC+ZgwiHNv+xYEnR6/q:rufnhtvy6S
Score

10^/10

xenorat discovery execution rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryexecutionrattrojan