xenorat | 0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01 | Triage

Submit
Reports

Overview

overview

Static

static

0c94d8c552...1N.exe

windows7-x64

0c94d8c552...1N.exe

windows10-2004-x64

Sharing

General

Target

0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01N.exe
Size

45KB
Sample

241226-hgj23aypbx
MD5

79a545f81cb9cd8ba17265c178d57e30
SHA1

f83b69d3b83f777c7dabda6939e2658cfaab7605
SHA256

0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01
SHA512

fd7724f041b6e5c8904ca318ee29407204d778ff90b93ac7ac87d0000f9365828848426c538f0f31ee78163ba640c0a8165c8b04f941d66ba6764785caf1e449
SSDEEP

768:RdhO/poiiUcjlJInY9SH9Xqk5nWEZ5SbTDazuI7CPW55:Pw+jjgnYoH9XqcnW85SbT+uIx

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01N.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01N.exe

Resource

win10v2004-20241007-en

xenorat discovery rat trojan

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Extracted

Family

xenorat

C2

79.134.225.73

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4448
startup_name
Registry

Targets

- Target
  
  0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01N.exe
- Size
  
  45KB
- MD5
  
  79a545f81cb9cd8ba17265c178d57e30
- SHA1
  
  f83b69d3b83f777c7dabda6939e2658cfaab7605
- SHA256
  
  0c94d8c552aed5834ac2ee05f6a383bfaf055b03f8843266784b6aaabb7a0a01
- SHA512
  
  fd7724f041b6e5c8904ca318ee29407204d778ff90b93ac7ac87d0000f9365828848426c538f0f31ee78163ba640c0a8165c8b04f941d66ba6764785caf1e449
- SSDEEP
  
  768:RdhO/poiiUcjlJInY9SH9Xqk5nWEZ5SbTDazuI7CPW55:Pw+jjgnYoH9XqcnW85SbT+uIx
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy