xenorat | 379a51d059e6decbc5925b87fee09e5376254a57842417ed3eae53ab85d4caa0 | Triage

Submit
Reports

Overview

overview

Static

static

NexusAPI.exe

windows7-x64

NexusAPI.exe

windows10-2004-x64

Sharing

General

Target

NexusAPI.exe
Size

218KB
Sample

250221-vw2a4swke1
MD5

f84f2262fe9b85b3c4cd5580e08aad00
SHA1

5d4f6dadafbdab7d5c58a6532424e568701f3425
SHA256

379a51d059e6decbc5925b87fee09e5376254a57842417ed3eae53ab85d4caa0
SHA512

4642ee4f9376d74b7612d280ccdcaae9a9aa55a84edeff69af0a0ef92a7ce0b60b00f122b98d2ddb4f6558116442c7b5d2aefd496a295af0e075e90731c4421f
SSDEEP

3072:Pc9z4rQfwN8zMLrAFbEt68OU5kbN0iDaKgx:PTa4LAbF8L5kHOKg

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

NexusAPI.exe

Resource

win7-20240903-en

xenorat discovery rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NexusAPI.exe

Resource

win10v2004-20250217-en

xenorat discovery rat trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  NexusAPI.exe
- Size
  
  218KB
- MD5
  
  f84f2262fe9b85b3c4cd5580e08aad00
- SHA1
  
  5d4f6dadafbdab7d5c58a6532424e568701f3425
- SHA256
  
  379a51d059e6decbc5925b87fee09e5376254a57842417ed3eae53ab85d4caa0
- SHA512
  
  4642ee4f9376d74b7612d280ccdcaae9a9aa55a84edeff69af0a0ef92a7ce0b60b00f122b98d2ddb4f6558116442c7b5d2aefd496a295af0e075e90731c4421f
- SSDEEP
  
  3072:Pc9z4rQfwN8zMLrAFbEt68OU5kbN0iDaKgx:PTa4LAbF8L5kHOKg
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy