seroxen | 1d9a6ee7b20ba3a798720d1fcba46ae816e2a64c80f14eac9ad0b8821a1510ad | Triage

Resubmissions

05-02-2025 19:00

250205-xnm5ma1khj 10

05-02-2025 18:56

250205-xld4ya1kdp 8

Sharing

General

Target

Syntax Grabber.exe
Size

7.9MB
Sample

250205-xnm5ma1khj
MD5

4c281767e69dd74a8be2ec9f307b3403
SHA1

8976b9c3d954e988c305c3dcc637ef124a552462
SHA256

1d9a6ee7b20ba3a798720d1fcba46ae816e2a64c80f14eac9ad0b8821a1510ad
SHA512

fb0c2740980529a070ffb122bbbbc56941bce5debcee143ccafc36772fd8084570731d14be06513da2223cf77a6c99b1bd0a2864784119bdb3966e4c1f455b84
SSDEEP

196608:Nn1kbTz21W903eV4QRM993iObMGuLmUVe1Pck8qf:R2nzcW+eGQRe93iObyL9w982

Score

10^/10

seroxen defense_evasion execution pyinstaller trojan

Malware Config

Targets

- Target
  
  Syntax Grabber.exe
- Size
  
  7.9MB
- MD5
  
  4c281767e69dd74a8be2ec9f307b3403
- SHA1
  
  8976b9c3d954e988c305c3dcc637ef124a552462
- SHA256
  
  1d9a6ee7b20ba3a798720d1fcba46ae816e2a64c80f14eac9ad0b8821a1510ad
- SHA512
  
  fb0c2740980529a070ffb122bbbbc56941bce5debcee143ccafc36772fd8084570731d14be06513da2223cf77a6c99b1bd0a2864784119bdb3966e4c1f455b84
- SSDEEP
  
  196608:Nn1kbTz21W903eV4QRM993iObMGuLmUVe1Pck8qf:R2nzcW+eGQRe93iObyL9w982
Score

10^/10

seroxen defense_evasion execution trojan
- Seroxen family
  seroxen
- Seroxen, Ser0xen
  Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.
  trojan seroxen
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Safe Mode Boot

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

seroxendefense_evasionexecutiontrojan