xenorat | 59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

59cd7e7b0c...b5.exe

windows7-x64

59cd7e7b0c...b5.exe

windows10-2004-x64

Sharing

General

Target

59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5.exe
Size

3.9MB
Sample

241207-c6aa9sxmgj
MD5

9ce8e0cbb54f24de304851e0b7226c0a
SHA1

1db4c3d746ea0ad15e98ed3a2b96c2ca09fb1366
SHA256

59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5
SHA512

fe5fd7e0f40074e45ad5a1709ff72670d47c2cb5e383cc9f6f4baccb21374a334d2ca1d970534f8815ae9a68c1e1f27b6517e3f8eb0a365b390686d61d0e97f8
SSDEEP

98304:xIQjojuFS4tTWv+uwCu48dIrvmnpE4h5CG4DdtED/:2KsovGIL5eG+C/

Score

10^/10

xenorat discovery evasion rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5.exe

Resource

win7-20240729-en

xenorat discovery evasion rat themida trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5.exe

Resource

win10v2004-20241007-en

xenorat discovery evasion rat themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

96.126.118.61

Mutex

Microsoft Windows_3371808

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
svchost.exe

Targets

- Target
  
  59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5.exe
- Size
  
  3.9MB
- MD5
  
  9ce8e0cbb54f24de304851e0b7226c0a
- SHA1
  
  1db4c3d746ea0ad15e98ed3a2b96c2ca09fb1366
- SHA256
  
  59cd7e7b0c1c0760cb9499775184b02d8a8e3188bacd9420b04987b0b5724eb5
- SHA512
  
  fe5fd7e0f40074e45ad5a1709ff72670d47c2cb5e383cc9f6f4baccb21374a334d2ca1d970534f8815ae9a68c1e1f27b6517e3f8eb0a365b390686d61d0e97f8
- SSDEEP
  
  98304:xIQjojuFS4tTWv+uwCu48dIrvmnpE4h5CG4DdtED/:2KsovGIL5eG+C/
Score

10^/10

xenorat discovery evasion rat themida trojan
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryevasionratthemidatrojan

behavioral2

xenoratdiscoveryevasionratthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.