General
-
Target
https://github.com/Mikeykorby/Educational-Purposes./raw/refs/heads/main/Bootstrapper1.exe
-
Sample
250215-zeajaatld1
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
192.168.1.236
Mutex
Xeno_rat_nd8912d
Attributes
-
delay
5000
-
install_path
appdata
-
port
4785
-
startup_name
Solara Bootstrapper Dependinces
Extracted
Family
quasar
Version
1.4.1
Botnet
yada
C2
192.168.1.236:4782
Mutex
b796139d-9ac7-4dd6-b216-9d23cb27a8cf
Attributes
-
encryption_key
A32C977AF70FAC39329AA4FE677FAA9E5BEB3D7E
-
install_name
BoostrapperNew.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Solara Boostrapper Dependinces
-
subdirectory
SubDir
Targets
-
-
Target
https://github.com/Mikeykorby/Educational-Purposes./raw/refs/heads/main/Bootstrapper1.exe
Score10/10-
Detect XenoRat Payload
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload
-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Xenorat family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-