General

  • Target

    SolaraBootstrapper.exe

  • Size

    45KB

  • Sample

    241208-ycmv6axrak

  • MD5

    1fa704059ed0497d9532b6312249475a

  • SHA1

    1bee85f227d135158fe623f40380b22770f57c25

  • SHA256

    dc49a2770d20bbc6da5b94d9f36ee79a63769c0e231b223e64dc2999ceb51c01

  • SHA512

    60ee0c00a710711ca4e69739f5c468a01ef21f27fb1b8dcf8166215827f5b447aaf684dba316167b8b4d6921de92cf05ddba30000c009970bf45b8bc13b8201b

  • SSDEEP

    768:ZdhO/poiiUcjlJInI2gH9Xqk5nWEZ5SbTDaPuI7CPW5I:Xw+jjgnILH9XqcnW85SbT6uIA

Malware Config

Extracted

Family

xenorat

C2

49.194.29.240

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    100

  • install_path

    appdata

  • port

    4444

  • startup_name

    MSC_Services

Targets

    • Target

      SolaraBootstrapper.exe

    • Size

      45KB

    • MD5

      1fa704059ed0497d9532b6312249475a

    • SHA1

      1bee85f227d135158fe623f40380b22770f57c25

    • SHA256

      dc49a2770d20bbc6da5b94d9f36ee79a63769c0e231b223e64dc2999ceb51c01

    • SHA512

      60ee0c00a710711ca4e69739f5c468a01ef21f27fb1b8dcf8166215827f5b447aaf684dba316167b8b4d6921de92cf05ddba30000c009970bf45b8bc13b8201b

    • SSDEEP

      768:ZdhO/poiiUcjlJInI2gH9Xqk5nWEZ5SbTDaPuI7CPW5I:Xw+jjgnILH9XqcnW85SbT6uIA

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks