General

  • Target

    xeno.exe

  • Size

    45KB

  • Sample

    250308-nz6xfawqs9

  • MD5

    012e5dc5358be0ea18a36dce1db9ffb8

  • SHA1

    ab21543545289caeab4c7ccf913128b762008814

  • SHA256

    b5fd8b5a52e098b006d80e2355bc69bab4ec2e6f1822951fbc19efe9f03fb2f2

  • SHA512

    2ba96d2b90e690988bfc7af424cd87f4fa6ea76b8acdd2d8e55f0e16939e7d579d0b8f68391871495ea4483235cd60f9957729855aaf255c3b503961c42cc7d3

  • SSDEEP

    768:hdhO/poiiUcjlJInEQH9Xqk5nWEZ5SbTDa+WI7CPW5D:fw+jjgndH9XqcnW85SbT3WIr

Malware Config

Extracted

  • Family

    xenorat

  • C2

    91.51.36.43

  • Mutex

    25682-25636-235364376-254262

Attributes

  • delay

    5000

  • install_path

    appdata

  • port

    4847

  • startup_name

    RuntimeBroker

Targets

    • Target

      xeno.exe

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks