xenorat | 2f2764f4cf7f147d0e05ebc817329e4ee20f9abf41bf2d18a0422b6e74525382

General

Target

Atlantisrat.exe
Size

250KB
Sample

241122-2ex1pa1lbz
MD5

6d6b39d2de6789a8c1ebb5b22401bc7b
SHA1

6cec48b082e8839871edd8cebf7df6529a989d66
SHA256

2f2764f4cf7f147d0e05ebc817329e4ee20f9abf41bf2d18a0422b6e74525382
SHA512

a71802ed767b38ad785e5435fcd601f4a650ba6ba863ae1171ee16f3aa7bca4bdf6bcf2dece91557893eb777b76995de2a25f02327839f8d3ee363257c089fbb
SSDEEP

1536:Pw+jjgnyH9XqcnW85SbTvWIFAZ+r/cttjNFH1MB53FvSvoKi8G:Pw+jqs91UbTvE+ri0NgvFi8G

Score

10^/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Atlantis

Attributes

delay
1000
install_path
appdata
port
4444
startup_name
nothingset

Targets

- Target
  
  Atlantisrat.exe
- Size
  
  250KB
- MD5
  
  6d6b39d2de6789a8c1ebb5b22401bc7b
- SHA1
  
  6cec48b082e8839871edd8cebf7df6529a989d66
- SHA256
  
  2f2764f4cf7f147d0e05ebc817329e4ee20f9abf41bf2d18a0422b6e74525382
- SHA512
  
  a71802ed767b38ad785e5435fcd601f4a650ba6ba863ae1171ee16f3aa7bca4bdf6bcf2dece91557893eb777b76995de2a25f02327839f8d3ee363257c089fbb
- SSDEEP
  
  1536:Pw+jjgnyH9XqcnW85SbTvWIFAZ+r/cttjNFH1MB53FvSvoKi8G:Pw+jqs91UbTvE+ri0NgvFi8G
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XenoRat Payload

XenorRat

Xenorat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2