xenorat | 4b464a4f2349980f053288514e7e25b20319cf7655576f702def8bbf1a6e49af | Triage

Sharing

General

Target

xeno cheat.exe
Size

45KB
Sample

250208-drjf3asjfz
MD5

724a1a11d4fe58feafde5ea5d5cb0ee7
SHA1

4c6a67d87338ff6060ad83d84e78c4e4e4ed044d
SHA256

4b464a4f2349980f053288514e7e25b20319cf7655576f702def8bbf1a6e49af
SHA512

0b486edf69b4715a92eb887086a9161fb98ab06c5aabd7a33fa4bc42077f70d5ce7e1cc8f38ee8de734541309fbf1c5d15204566b62e6279fa9b7ed7b41a82fd
SSDEEP

768:+dhO/poiiUcjlJInUkiH9Xqk5nWEZ5SbTDamWI7CPW5X:Iw+jjgngH9XqcnW85SbTfWIf

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

xeno_cheat

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  xeno cheat.exe
- Size
  
  45KB
- MD5
  
  724a1a11d4fe58feafde5ea5d5cb0ee7
- SHA1
  
  4c6a67d87338ff6060ad83d84e78c4e4e4ed044d
- SHA256
  
  4b464a4f2349980f053288514e7e25b20319cf7655576f702def8bbf1a6e49af
- SHA512
  
  0b486edf69b4715a92eb887086a9161fb98ab06c5aabd7a33fa4bc42077f70d5ce7e1cc8f38ee8de734541309fbf1c5d15204566b62e6279fa9b7ed7b41a82fd
- SSDEEP
  
  768:+dhO/poiiUcjlJInUkiH9Xqk5nWEZ5SbTDamWI7CPW5X:Iw+jjgngH9XqcnW85SbTfWIf
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan