General
-
Target
https://github.com/moom825/xeno-rat
-
Sample
241220-n6qtsswjaw
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
127.0.0.1
Mutex
Xeno_rat_nd8912d
Attributes
-
delay
5000
-
install_path
nothingset
-
port
1234
-
startup_name
nothingset
Targets
-
-
Target
https://github.com/moom825/xeno-rat
Score10/10-
Detect XenoRat Payload
-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Xenorat family
-
Executes dropped EXE
-
Abuse Elevation Control Mechanism: Bypass User Account Control
UAC Bypass Attempt via SilentCleanup Task.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1