xenorat | 9f5fc80c61b163a400acb871ecd08865a07ea9869cfd33845f4450a219779964 | Triage

Sharing

General

Target

M90ML_Efispoofer.exe
Size

45KB
Sample

250105-rgtqyawnbx
MD5

d243bb6440d8a27c86e9e3a3b14261f0
SHA1

0be4a0a10d0f882d12bc943c7e3fbe3bb85cd34c
SHA256

9f5fc80c61b163a400acb871ecd08865a07ea9869cfd33845f4450a219779964
SHA512

7b5775134e234955a825cf8ee85e608e4ada7282afccc9304afb7dcd305100f927ed051c405db393395c6fd7e661632b6a7e5d03bd787679f176884b13a632ed
SSDEEP

768:tdhO/poiiUcjlJInWYH9Xqk5nWEZ5SbTDalYuI7CPW57:jw+jjgnjH9XqcnW85SbTPuIz

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

128.78.132.78

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
Efi spoofer auto spoof

Targets

- Target
  
  M90ML_Efispoofer.exe
- Size
  
  45KB
- MD5
  
  d243bb6440d8a27c86e9e3a3b14261f0
- SHA1
  
  0be4a0a10d0f882d12bc943c7e3fbe3bb85cd34c
- SHA256
  
  9f5fc80c61b163a400acb871ecd08865a07ea9869cfd33845f4450a219779964
- SHA512
  
  7b5775134e234955a825cf8ee85e608e4ada7282afccc9304afb7dcd305100f927ed051c405db393395c6fd7e661632b6a7e5d03bd787679f176884b13a632ed
- SSDEEP
  
  768:tdhO/poiiUcjlJInWYH9Xqk5nWEZ5SbTDalYuI7CPW57:jw+jjgnjH9XqcnW85SbTPuIz
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan