xenorat | 47c1a3c712327198d08b6dcdbbf589b1b590d73971533cba1deefc95ed2fd11b | Triage

Sharing

General

Target

47c1a3c712327198d08b6dcdbbf589b1b590d73971533cba1deefc95ed2fd11b.exe
Size

45KB
Sample

241124-cne4ssvmfr
MD5

fac7f1e31fc892329844a1b0d6b5ade5
SHA1

ab95a85791703d5a82341ea594aca2780bb3cb20
SHA256

47c1a3c712327198d08b6dcdbbf589b1b590d73971533cba1deefc95ed2fd11b
SHA512

53f783e7cf143a957385572cab76c6a27891cd96e7d4f7064ddbc0ed84c090f7b0849977276db8a142572a9f730c17bed907118c8931017f149593f4c7ff43eb
SSDEEP

768:LbdhO/poiiUcjlJInZXSeH9Xqk5nWEZ5SbTDa8WI7CPW5K:LJw+jjgnNH9XqcnW85SbT9WIC

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

cinasa.duckdns.org

Mutex

pastj

Attributes

delay
5000
install_path
nothingset
port
2424
startup_name
nothingset

Targets

- Target
  
  47c1a3c712327198d08b6dcdbbf589b1b590d73971533cba1deefc95ed2fd11b.exe
- Size
  
  45KB
- MD5
  
  fac7f1e31fc892329844a1b0d6b5ade5
- SHA1
  
  ab95a85791703d5a82341ea594aca2780bb3cb20
- SHA256
  
  47c1a3c712327198d08b6dcdbbf589b1b590d73971533cba1deefc95ed2fd11b
- SHA512
  
  53f783e7cf143a957385572cab76c6a27891cd96e7d4f7064ddbc0ed84c090f7b0849977276db8a142572a9f730c17bed907118c8931017f149593f4c7ff43eb
- SSDEEP
  
  768:LbdhO/poiiUcjlJInZXSeH9Xqk5nWEZ5SbTDa8WI7CPW5K:LJw+jjgnNH9XqcnW85SbT9WIC
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan