General

  • Target: SKIBITOLIET.exe
  • Size: 45KB
  • Sample: 250308-sv2jdayygs
  • MD5: 7190e8a17d3b610dd954e3bc85a76fae
  • SHA1: 10683424e5bc52979d562aafe6e00953deaca45e
  • SHA256: 2f3845685a5f0fbff420a7cf627f4172393012bdf8815e72c6975534d9bd718e
  • SHA512: 5899f443cfd02d689f13043e7fd868e9486fd7b50f9d0514e917551d47c8e9897ec0b7c2d6c36532c6dffc94381c524ac6087c859780beca5aebdadb13b08d16
  • SSDEEP: 768:VdhO/poiiUcjlJInSjsZ8H9Xqk5nWEZ5SbTDaFuI7CPW5E:rw+jjgnIsZ8H9XqcnW85SbTouIc

Malware Config

Extracted

  • Family: xenorat
  • C2: found-politicians.gl.at.ply.gg
  • Mutex: Xeno_rat_nd8912d
  • Attributes
      • delay: 5000
      • install_path: appdata
      • port: 47806
      • startup_name: Sinkerboi

Targets

    • Target: SKIBITOLIET.exe

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks