General

  • Target: ce24313f8b01015afc7d6f5e668bd703.doc
  • Size: 193KB
  • Sample: 241208-jzeezaspcn
  • MD5: ce24313f8b01015afc7d6f5e668bd703
  • SHA1: d86c8ee00b3f4db999a94557e7ae62ee2cd87c0e
  • SHA256: b7d50f4fb2342f63f86df5da89e7be2d3490adaccb37a5a6df2c1927c46aec60
  • SHA512: b5e1f7a31e22afdf20b6b206e3815613714758f091481e15f73ca371f2bccb6833fd4b50c4f53869a315948c0a2e94ad7cb1753a764b0d0d234b5f511bf7b710
  • SSDEEP: 3072:D877VGZ5Sd3b4e0wNZtsqXNKd5AvDJW4S+I/tZ6X1bpF6m:aGZYwAZHMCDJ8/u5pAm

Malware Config

Extracted

Family: xenorat

C2: dns.stipamana.com

Mutex: Xeno_rat_nd8912d

Attributes
  • delay: 12000
  • install_path: appdata
  • port: 4567
  • startup_name: mrec

Targets

    • Target: ce24313f8b01015afc7d6f5e668bd703.doc
    • Size: 193KB


    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks