Overview

overview

10

Static

static

10

NexusAPI.exe

windows7-x64

10

NexusAPI.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NexusAPI.exe

  • Size

    218KB

  • Sample

    250221-vr856axqs4

  • MD5

    f84f2262fe9b85b3c4cd5580e08aad00

  • SHA1

    5d4f6dadafbdab7d5c58a6532424e568701f3425

  • SHA256

    379a51d059e6decbc5925b87fee09e5376254a57842417ed3eae53ab85d4caa0

  • SHA512

    4642ee4f9376d74b7612d280ccdcaae9a9aa55a84edeff69af0a0ef92a7ce0b60b00f122b98d2ddb4f6558116442c7b5d2aefd496a295af0e075e90731c4421f

  • SSDEEP

    3072:Pc9z4rQfwN8zMLrAFbEt68OU5kbN0iDaKgx:PTa4LAbF8L5kHOKg

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Targets

    • Target

      NexusAPI.exe

    • Size

      218KB

    • MD5

      f84f2262fe9b85b3c4cd5580e08aad00

    • SHA1

      5d4f6dadafbdab7d5c58a6532424e568701f3425

    • SHA256

      379a51d059e6decbc5925b87fee09e5376254a57842417ed3eae53ab85d4caa0

    • SHA512

      4642ee4f9376d74b7612d280ccdcaae9a9aa55a84edeff69af0a0ef92a7ce0b60b00f122b98d2ddb4f6558116442c7b5d2aefd496a295af0e075e90731c4421f

    • SSDEEP

      3072:Pc9z4rQfwN8zMLrAFbEt68OU5kbN0iDaKgx:PTa4LAbF8L5kHOKg

    Score
    10/10
    xenoratdiscoveryrattrojan

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Xenorat family

      xenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks