xenorat | b1d78245b605729b11897c48a64cfbf8299ff84a905ff89fa42ad76acbf93b73

General

Target

b50feaa17cd93050f512aee311ebdbcb.exe
Size

45KB
Sample

250101-n37yxatpcx
MD5

b50feaa17cd93050f512aee311ebdbcb
SHA1

32fae888863f00c97229b9944cf70cac85d1ef1c
SHA256

b1d78245b605729b11897c48a64cfbf8299ff84a905ff89fa42ad76acbf93b73
SHA512

0f45a46d13ad4c09ffbfab255ac6b52476682e2ba41ce1832b40c019778dc3e4e1659d656e4d113de194a39b4b4d7423e9972fd6a93b0e072524c0ca977ea3a6
SSDEEP

768:SdhO/poiiUcjlJInysWH9Xqk5nWEZ5SbTDaPuI7CPW5R:0w+jjgnMH9XqcnW85SbTauIp

Score

10^/10

Malware Config

Extracted

Family

xenorat

C2

147.185.221.24

Mutex

kemo_nd8912d

Attributes

delay
5000
install_path
appdata
port
47517
startup_name
nothingset

Targets

- Target
  
  b50feaa17cd93050f512aee311ebdbcb.exe
- Size
  
  45KB
- MD5
  
  b50feaa17cd93050f512aee311ebdbcb
- SHA1
  
  32fae888863f00c97229b9944cf70cac85d1ef1c
- SHA256
  
  b1d78245b605729b11897c48a64cfbf8299ff84a905ff89fa42ad76acbf93b73
- SHA512
  
  0f45a46d13ad4c09ffbfab255ac6b52476682e2ba41ce1832b40c019778dc3e4e1659d656e4d113de194a39b4b4d7423e9972fd6a93b0e072524c0ca977ea3a6
- SSDEEP
  
  768:SdhO/poiiUcjlJInysWH9Xqk5nWEZ5SbTDaPuI7CPW5R:0w+jjgnMH9XqcnW85SbTauIp
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect XenoRat Payload

XenorRat

Xenorat family

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2