xenorat | 3c17536c9824395560e1c82edf9fd329018a30443408220bd8f69e03c4d23bbd | Triage

Sharing

General

Target

3c17536c9824395560e1c82edf9fd329018a30443408220bd8f69e03c4d23bbd.exe
Size

45KB
Sample

241124-m1lr8awnc1
MD5

f1328e251cf2393078be810afacde1f9
SHA1

e0638a74e19cb95057442460daec0dec14379063
SHA256

3c17536c9824395560e1c82edf9fd329018a30443408220bd8f69e03c4d23bbd
SHA512

5744ddafaa8b3913382ca9bd3fc1650109bd4368a8870517e59057881e1a5a9eb91689bdc545edd4b22a8f0652d7c93fde29a0e67866c06f0f3f3f984a587ab1
SSDEEP

768:LbdhO/poiiUcjlJInZXSeH9Xqk5nWEZ5SbTDa8WI7CPW5Kj:LJw+jjgnNH9XqcnW85SbT9WICj

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

cinasa.duckdns.org

Mutex

pastj

Attributes

delay
5000
install_path
nothingset
port
2424
startup_name
nothingset

Targets

- Target
  
  3c17536c9824395560e1c82edf9fd329018a30443408220bd8f69e03c4d23bbd.exe
- Size
  
  45KB
- MD5
  
  f1328e251cf2393078be810afacde1f9
- SHA1
  
  e0638a74e19cb95057442460daec0dec14379063
- SHA256
  
  3c17536c9824395560e1c82edf9fd329018a30443408220bd8f69e03c4d23bbd
- SHA512
  
  5744ddafaa8b3913382ca9bd3fc1650109bd4368a8870517e59057881e1a5a9eb91689bdc545edd4b22a8f0652d7c93fde29a0e67866c06f0f3f3f984a587ab1
- SSDEEP
  
  768:LbdhO/poiiUcjlJInZXSeH9Xqk5nWEZ5SbTDa8WI7CPW5Kj:LJw+jjgnNH9XqcnW85SbT9WICj
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan