General

  • Target

    Notepad.txt

  • Size

    339B

  • Sample

    250108-2vk13azjgj

  • MD5

    0f278ef649c5620e8c7def1f71069864

  • SHA1

    a8743791baed7c850bda2df340730c806fdcf66b

  • SHA256

    f5bbc5fd1993c00aad0e04cf674216b3eb317aee7a1208aa99e3b311f60624c7

  • SHA512

    fc8077702c179f4b909a67e7f0b59d91a621c70d66ca81a587d64a100d8508e1fdd7835b3a25a157b823e0710f81928981b27c96f6b5e27e89b1ddb8e5aedd3a

Malware Config

Extracted

Family

xenorat

C2

localhost

Mutex

testing 123123

Attributes

  • delay

    1000

  • install_path

    nothingset

  • port

    1234

  • startup_name

    nothingset

Targets

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks