xenorat | e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd | Triage

Resubmissions

10-01-2025 18:41

250110-xb792avlhq 10

10-01-2025 18:41

250110-xbrbhssld1 10

10-01-2025 18:40

250110-xbdenasldt 10

10-01-2025 18:39

250110-xayn7sslcv 10

Sharing

General

Target

Release.zip
Size

6.4MB
Sample

250110-xayn7sslcv
MD5

89661a9ff6de529497fec56a112bf75e
SHA1

2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256

e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512

33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f
SSDEEP

196608:SYNI1S7C6S230UwVLW83FUSA7WQZzwM3/C2cM7m2:rNIs7CDvB1USA7WS/vcx2

Score

10^/10

xenorat discovery linux

Malware Config

Extracted

Family

xenorat

C2

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Targets

- Target
  
  Release.zip
- Size
  
  6.4MB
- MD5
  
  89661a9ff6de529497fec56a112bf75e
- SHA1
  
  2dd31a19489f4d7c562b647f69117e31b894b5c3
- SHA256
  
  e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
- SHA512
  
  33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f
- SSDEEP
  
  196608:SYNI1S7C6S230UwVLW83FUSA7WQZzwM3/C2cM7m2:rNIs7CDvB1USA7WS/vcx2
Score

3^/10

discovery
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  country_flags/GeoLite2-Country.mmdb
- Size
  
  6.0MB
- MD5
  
  1673baa69e09910f4e9141074163f9cf
- SHA1
  
  36465e9d0d568c53e0395e71c3a9c46eed307b4a
- SHA256
  
  064028784d81d283ff936eb5bbec810d81e8c85530c46e5717e5d7bd7dd3adb9
- SHA512
  
  e21c99278496ac96d514484cb440f2f743a2509c69888a6694c25bfc478cf797ac858d4e32abe678a4aea96ed0ad75b1980d2a1537c85e626a119b24c93e7b37
- SSDEEP
  
  98304:yqDYYo+XRm+ESo8TTChvcy1vdT4ote+YqPxMsc:yqkYZRmxF8TChjZZHte+YqPxMsc
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  country_flags/ad.png
- Size
  
  1KB
- MD5
  
  68474a4935598753955993ccbd7062b3
- SHA1
  
  79f32a99fa7a3761d7e7b592bbac279c7a1d5559
- SHA256
  
  6e45d3cec2a17a9b9353b68288934e7c4931a36ec271b595750bf8441afae019
- SHA512
  
  631cb2594d55d14f3321cb1975cf7e35ee0e79d63c9eec23a39851849ef17cfb81edf74a6f906d92ef4dc9ed48c230ec7e3966e71a91c603beb6708f81aa90fe
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral9
- Target
  
  country_flags/ae.png
- Size
  
  687B
- MD5
  
  0aad6b193a525af068832a5f3312dc3e
- SHA1
  
  75d2268655d2e9c2cfd39f4512c1ba46d701e91d
- SHA256
  
  6af9e1cb4e4c86a1d1b9f2fdb5c9a4eb554f4cfb674d8357f2e7e1086de4b4be
- SHA512
  
  0cbbdba73d929ff425b55abc437b82c8b56f29ec9a7b59573d134e3df5ceaf8bf928f0c4049f7a9b09638337cde8cc9cdcb0a823101d121ce99e57f5f5726cc2
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  country_flags/af.png
- Size
  
  1KB
- MD5
  
  b438e2fcc22b7b7138a2270b0c46c11c
- SHA1
  
  a725f3930551e5d9ff2c719d1a159942c33ee659
- SHA256
  
  2e738e232ba262bd7b40d39f0a8ef1b68204381b0f5d97367c8b827aea9e83be
- SHA512
  
  01df36890f1cf4fff686ae1c16f2e18edb5fd2b88ba659e3cce651b3ffebe371e4dec1fb16b27c2714a6d4dbace1c7da9e7c59aff58579b111b444622eceff13
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  country_flags/ag.png
- Size
  
  983B
- MD5
  
  f16d86d6cd9efed9d56c4e27222225cc
- SHA1
  
  2e1a7b01df725adcbdde98b683a2788c68eeeff2
- SHA256
  
  8cf632b5d10c24e29c68082bdba8737269f5160360985f9c306e8b20940552ac
- SHA512
  
  5b970073ad7b7561311d83ab5bd8d6de5486be90fd6e4ddf0581eadbdfaf007926ae8747141cd2bcd243bc254bfe0eb2db0ea3db01759361601350759d426a8c
Score

1^/10
behavioral21 behavioral22 behavioral23 behavioral24
- Target
  
  country_flags/ai.png
- Size
  
  1KB
- MD5
  
  2e5628753b22d149925f2edca861cce8
- SHA1
  
  eb12eec16eceaf289cb33cb4cd777b369d85e793
- SHA256
  
  d95df82e43d2e94018a777083e68bb5a00260912037fc02243ddfe3a0a377f45
- SHA512
  
  7db7b846c7710e8733928113acb9f70893ff16d06775c9862d03d075ad0fbe429a382df1f26ebd4836eefeabc1b8cf7734a7ef1b4b478c45cc2bf5ed2a1e8be8
Score

1^/10
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  country_flags/al.png
- Size
  
  757B
- MD5
  
  8109adb0c3baf5d82c44385afb369943
- SHA1
  
  4bc749135d32c08bd0557bb67ddc98a858354835
- SHA256
  
  2e005216be2a847983ebe9a5a4b4ff2936c9008cc7c925ed7059350d4fcf370d
- SHA512
  
  56f8f92eef8b8ae2e79f0a3a3b08df2ca22da658cd417fc3928d0895058776536f33ae93b61be7032295c9dafbc9b369016a16be0e0a4aa3243ad60f3ac3ff1d
Score

1^/10
behavioral29 behavioral30 behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32