xenorat | fa4f97a38443e919cba50e6fe7cf121f4b69305b57eedca93128f016ff289a0f | Triage

Sharing

General

Target

nai.exe
Size

45KB
Sample

241219-x1f7vaykbr
MD5

4cbfc61732f67fdd690ff9d578af8f14
SHA1

dcb062b56bbe4b9660f4a07e3d7f59a92f6bf3d3
SHA256

fa4f97a38443e919cba50e6fe7cf121f4b69305b57eedca93128f016ff289a0f
SHA512

768f53ea46ca839fa2f6ddad154d4b0a1c0de3b1c926cfdb986f8790086c92e1de3366796345623195a643a3cf3c9743b5d9990e02c8d736c1a85b76eb225408
SSDEEP

768:bdhO/poiiUcjlJInvvH9Xqk5nWEZ5SbTDaJWI7CPW5R:Jw+jjgn3H9XqcnW85SbTAWIJ

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  nai.exe
- Size
  
  45KB
- MD5
  
  4cbfc61732f67fdd690ff9d578af8f14
- SHA1
  
  dcb062b56bbe4b9660f4a07e3d7f59a92f6bf3d3
- SHA256
  
  fa4f97a38443e919cba50e6fe7cf121f4b69305b57eedca93128f016ff289a0f
- SHA512
  
  768f53ea46ca839fa2f6ddad154d4b0a1c0de3b1c926cfdb986f8790086c92e1de3366796345623195a643a3cf3c9743b5d9990e02c8d736c1a85b76eb225408
- SSDEEP
  
  768:bdhO/poiiUcjlJInvvH9Xqk5nWEZ5SbTDaJWI7CPW5R:Jw+jjgn3H9XqcnW85SbTAWIJ
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan