xenorat | 7ee2edea3e675db5189d0ca73d4014c98216153dfa7885f31ffba493b6e587d9 | Triage

Sharing

General

Target

asteroid-256-main.zip
Size

2.8MB
Sample

241214-157r5swlaz
MD5

24ad6b46f9ee78f7c89bde706d86e4bb
SHA1

250f5355ce75f2a216546d999643f6087602f84e
SHA256

7ee2edea3e675db5189d0ca73d4014c98216153dfa7885f31ffba493b6e587d9
SHA512

174b93fc4434b5b5f6574ed8b323f6dc2cc0c77835b682394bac99f0d59e82677fa5a6ebced0b439f705dbc97a2b525c43252418682cc8f437c1b42284a226e8
SSDEEP

49152:JuwsipYkMY64JWvXDAEoQLzB53LTmTN4YAbl257/OiPhuCaicaEnMGgmuO1r:U+pYHAJcxH34iYABG7DuCaicapG7n

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
gg

Targets

- Target
  
  asteroid-256-main/Asteroid.dll
- Size
  
  6.2MB
- MD5
  
  1cbff5503cb1319a2eb05705eceb622e
- SHA1
  
  e26f78bb0a5845daef1278d5d86c7473dbb28c9f
- SHA256
  
  ec06ea0cb3c08f5067f11c16fe5e8a17d28437cea8b5bffe95146cf00c55b170
- SHA512
  
  629053d6594513bb3a15528079c456504c62638ee82871a3af78e1a5708086de7ab82756837c6c8ba5259e0428076b5717e7db8ffc4345323b7ab0869034efcb
- SSDEEP
  
  98304:9J+kP+FMRD99Eml+oB6K/JRl7r/UcPUTWcEXZV:7R2FMRD9vMoB6K/JRl7rMc7N
Score

1^/10
behavioral1
- Target
  
  asteroid-256-main/selfess.exe
- Size
  
  112KB
- MD5
  
  a10cb3a53b64b20da6d511622a4ffeb4
- SHA1
  
  3568550a55d5facff2ee6dc8da0900aa9b19dee6
- SHA256
  
  43879a1a65c815dcd4a7d9bb25981f6603ba952800d3d3c103717bf0b41c4d6e
- SHA512
  
  ad72a609e00dd3dc2360c466085eeb6dfc8abe4bdc1163d01c99cc6a682a2dfd93c08ccb33d314a9a6e713bc904ae2aa38b9a6f8c953b0a5bbd0ea2550cb01ea
- SSDEEP
  
  1536:Lw+jjgnGElmH9XqcnW85SbT/uIin+EQzl3:Lw+jqJo91UbT/Un+Eg
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

xenoratdiscoveryrattrojan