General

  • Target

    1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6N.exe

  • Size

    45KB

  • Sample

    241220-e1rdpszqer

  • MD5

    436c1c95e3de4456f90d2028d3297cc0

  • SHA1

    4e9c7ea2e8ed20c4f26fc5e42824fb0ea5e34361

  • SHA256

    1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6

  • SHA512

    19e8f2c15a31b8e92eb574dbaf158f697f3999b85349de7f646978bd49d5d8a53507e53cfd063fcd57ff4a7cdd543e0008ad49b681d1c1c7ecfe2ee75d883047

  • SSDEEP

    768:hdhO/poiiUcjlJInE0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgntH9XqcnW85SbTAuIB

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    4444

  • startup_name

    Spotify

Targets

    • Target

      1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6N.exe

    • Size

      45KB

    • MD5

      436c1c95e3de4456f90d2028d3297cc0

    • SHA1

      4e9c7ea2e8ed20c4f26fc5e42824fb0ea5e34361

    • SHA256

      1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6

    • SHA512

      19e8f2c15a31b8e92eb574dbaf158f697f3999b85349de7f646978bd49d5d8a53507e53cfd063fcd57ff4a7cdd543e0008ad49b681d1c1c7ecfe2ee75d883047

    • SSDEEP

      768:hdhO/poiiUcjlJInE0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgntH9XqcnW85SbTAuIB

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks
