xenorat | aeaddf5c020d0e9bfe4583bf644b33b0dda2267499a4c474a7fa8db8b1559f87 | Triage

Sharing

General

Target

aeaddf5c020d0e9bfe4583bf644b33b0dda2267499a4c474a7fa8db8b1559f87.exe
Size

46KB
Sample

241206-lwtfts1pgv
MD5

3ec7d023e67868e60fd907f9ca710992
SHA1

12820d788e02d504e2a6e557ccd96a135340a215
SHA256

aeaddf5c020d0e9bfe4583bf644b33b0dda2267499a4c474a7fa8db8b1559f87
SHA512

4b3c4ef80b435d1f42d0ff8e0e1a7f9e8748d9d01ff6874ca1a1607cb331dddd318e457d25a575288c6519d4d65e2298bef59ca0a0e90e3c4cdef5cb6f962bb5
SSDEEP

768:elh0npoiiUcjlJInezbbqrCPZ5Sb/D/4yI3vW5n:wuWjjgngbbMo5Sb/MyIS

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

96.126.118.61

Mutex

lokai_je_bruh_1337

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Usermode Disk Driver Host

Targets

- Target
  
  aeaddf5c020d0e9bfe4583bf644b33b0dda2267499a4c474a7fa8db8b1559f87.exe
- Size
  
  46KB
- MD5
  
  3ec7d023e67868e60fd907f9ca710992
- SHA1
  
  12820d788e02d504e2a6e557ccd96a135340a215
- SHA256
  
  aeaddf5c020d0e9bfe4583bf644b33b0dda2267499a4c474a7fa8db8b1559f87
- SHA512
  
  4b3c4ef80b435d1f42d0ff8e0e1a7f9e8748d9d01ff6874ca1a1607cb331dddd318e457d25a575288c6519d4d65e2298bef59ca0a0e90e3c4cdef5cb6f962bb5
- SSDEEP
  
  768:elh0npoiiUcjlJInezbbqrCPZ5Sb/D/4yI3vW5n:wuWjjgngbbMo5Sb/MyIS
Score

10^/10

xenorat discovery rat trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan