xenorat | e8fcf45c5f69788c144237244d43881736cf44e200644cdd1960e5f07ebfbec9 | Triage

Sharing

General

Target

2025-01-04_ca09d3fddc7c435f9e61f3dfb5d7eae0_hiddentear
Size

143KB
Sample

250104-ctgjtaymdn
MD5

ca09d3fddc7c435f9e61f3dfb5d7eae0
SHA1

a5d9a86269dac2fb2ba25de2a54f89ad70c2fb9e
SHA256

e8fcf45c5f69788c144237244d43881736cf44e200644cdd1960e5f07ebfbec9
SHA512

fd4fba4f8aae9865f4134f19af7c8a806f5713d68de71eff277cc3f61a63b8f829b851bbb4c508599c5a3ea42aa64d5b8bab7063a0f1a076b8f4a3fbc1d9434b
SSDEEP

3072:1hiQuE3PErbMbuM+lmsolAIrRuw+mqv9j1MWLQ+:mUfErbQ+lDAA

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

BinaryX_Monitor_5435

Attributes

delay
5000
install_path
nothingset
port
888
startup_name
nothingset

Targets

- Target
  
  2025-01-04_ca09d3fddc7c435f9e61f3dfb5d7eae0_hiddentear
- Size
  
  143KB
- MD5
  
  ca09d3fddc7c435f9e61f3dfb5d7eae0
- SHA1
  
  a5d9a86269dac2fb2ba25de2a54f89ad70c2fb9e
- SHA256
  
  e8fcf45c5f69788c144237244d43881736cf44e200644cdd1960e5f07ebfbec9
- SHA512
  
  fd4fba4f8aae9865f4134f19af7c8a806f5713d68de71eff277cc3f61a63b8f829b851bbb4c508599c5a3ea42aa64d5b8bab7063a0f1a076b8f4a3fbc1d9434b
- SSDEEP
  
  3072:1hiQuE3PErbMbuM+lmsolAIrRuw+mqv9j1MWLQ+:mUfErbQ+lDAA
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan