xenorat | 47497f110de244113679de02a3eefc50a9831c13e7c86b45ea3e0ce8d0072f7d | Triage

Submit
Reports

Overview

overview

Static

static

BootstrapperNew1.exe

windows10-2004-x64

BootstrapperNew1.exe

windows10-ltsc 2021-x64

BootstrapperNew1.exe

windows11-21h2-x64

Sharing

General

Target

BootstrapperNew1.exe
Size

50KB
Sample

250216-b3bt9awjfs
MD5

2db839a013bb2742e80cdcf4edc63f39
SHA1

8b94a91e13f1ff30a3ca2627d3b43affacbb66b0
SHA256

47497f110de244113679de02a3eefc50a9831c13e7c86b45ea3e0ce8d0072f7d
SHA512

3f0210b4a1245d67c96f563a191b4c11455137afee436ec2b41d2b672a93aed4ebeb5ac0814217ef9fc3c1706c371028670583876d829bccc244206af34e324a
SSDEEP

768:UdhO/poiiUcjlJIn8aH9Xqk5nWEZ5SbTDaCuI7CPW5ispt:uw+jjgnfH9XqcnW85SbTvuIqspt

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

BootstrapperNew1.exe

Resource

win10v2004-20250211-en

xenorat discovery rat trojan

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

BootstrapperNew1.exe

Resource

win10ltsc2021-20250207-en

xenorat discovery rat trojan

windows10-ltsc 2021-x64

16 signatures

150 seconds

Behavioral task

behavioral3

Sample

BootstrapperNew1.exe

Resource

win11-20250211-en

xenorat discovery rat trojan

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

193.161.193.99

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Solara Bootstrapper Dependinces

Targets

- Target
  
  BootstrapperNew1.exe
- Size
  
  50KB
- MD5
  
  2db839a013bb2742e80cdcf4edc63f39
- SHA1
  
  8b94a91e13f1ff30a3ca2627d3b43affacbb66b0
- SHA256
  
  47497f110de244113679de02a3eefc50a9831c13e7c86b45ea3e0ce8d0072f7d
- SHA512
  
  3f0210b4a1245d67c96f563a191b4c11455137afee436ec2b41d2b672a93aed4ebeb5ac0814217ef9fc3c1706c371028670583876d829bccc244206af34e324a
- SSDEEP
  
  768:UdhO/poiiUcjlJIn8aH9Xqk5nWEZ5SbTDaCuI7CPW5ispt:uw+jjgnfH9XqcnW85SbTvuIqspt
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

behavioral3

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy