xenorat | e1b5a90f068ee75d794e62acb4386e49a2e48b37d58de79801b437218dc78765 | Triage

Submit
Reports

Overview

overview

Static

static

Client-build.exe

windows7-x64

Client-build.exe

windows10-2004-x64

Sharing

General

Target

Client-build.exe
Size

45KB
Sample

250110-1eecxayla1
MD5

304d0e77da53af75ea9b70012a78348d
SHA1

2abfcf36150e5b19e90a2df133d5d5ccdc986b7b
SHA256

e1b5a90f068ee75d794e62acb4386e49a2e48b37d58de79801b437218dc78765
SHA512

0782a2840a73ae9459ba20e7ac9bd516efa55e65c2453b6d7bc7f68b39a63012d762c678e48c2fcaeb6418b31b6d2652fa7c4f33bd6ca0e53dbc018040fff054
SSDEEP

768:WdhO/poiiUcjlJInU9SH9Xqk5nWEZ5SbTDaauI7CPW5p:Aw+jjgnUoH9XqcnW85SbTfuIR

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Client-build.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

15 signatures

900 seconds

Behavioral task

behavioral2

Sample

Client-build.exe

Resource

win10v2004-20241007-en

xenorat discovery rat trojan

windows10-2004-x64

9 signatures

900 seconds

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
WindowsSys64

Targets

- Target
  
  Client-build.exe
- Size
  
  45KB
- MD5
  
  304d0e77da53af75ea9b70012a78348d
- SHA1
  
  2abfcf36150e5b19e90a2df133d5d5ccdc986b7b
- SHA256
  
  e1b5a90f068ee75d794e62acb4386e49a2e48b37d58de79801b437218dc78765
- SHA512
  
  0782a2840a73ae9459ba20e7ac9bd516efa55e65c2453b6d7bc7f68b39a63012d762c678e48c2fcaeb6418b31b6d2652fa7c4f33bd6ca0e53dbc018040fff054
- SSDEEP
  
  768:WdhO/poiiUcjlJInU9SH9Xqk5nWEZ5SbTDaauI7CPW5p:Aw+jjgnUoH9XqcnW85SbTfuIR
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy