xenorat | 965a32e8b7471c231484f575318a8d4ce4ce442ad7644a330515ace6f5678465 | Triage

Submit
Reports

Overview

overview

Static

static

sus.exe

windows10-2004-x64

Sharing

General

Target

sus.exe
Size

45KB
Sample

241130-q8qypazmbk
MD5

abc9eef67fe0bd1ec7a09ded620a3d76
SHA1

e6ac893dbbb2fbe449463b75ec6831df208ee9af
SHA256

965a32e8b7471c231484f575318a8d4ce4ce442ad7644a330515ace6f5678465
SHA512

f5ebd783897035b6b973b29d6913870af02099ca231bc8eaec5aa8d17776846683fd385cbed46d6010b01cf515caa37a694e9b3a0c6a27b73fd9a0454a666293
SSDEEP

768:NdhO/poiiUcjlJIn2wH9Xqk5nWEZ5SbTDacWI7CPW5c:Dw+jjgnnH9XqcnW85SbTNWIk

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

sus.exe

Resource

win10v2004-20241007-en

xenorat discovery rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

lesbian-failures.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
temp
port
11241
startup_name
suss.exe

Targets

- Target
  
  sus.exe
- Size
  
  45KB
- MD5
  
  abc9eef67fe0bd1ec7a09ded620a3d76
- SHA1
  
  e6ac893dbbb2fbe449463b75ec6831df208ee9af
- SHA256
  
  965a32e8b7471c231484f575318a8d4ce4ce442ad7644a330515ace6f5678465
- SHA512
  
  f5ebd783897035b6b973b29d6913870af02099ca231bc8eaec5aa8d17776846683fd385cbed46d6010b01cf515caa37a694e9b3a0c6a27b73fd9a0454a666293
- SSDEEP
  
  768:NdhO/poiiUcjlJIn2wH9Xqk5nWEZ5SbTDacWI7CPW5c:Dw+jjgnnH9XqcnW85SbTNWIk
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

© 2018-2024

Terms | Privacy