Resubmissions

08/03/2025, 16:12

250308-tntqmazkz7 10

08/03/2025, 16:08

250308-tlpznazkx7 10

08/03/2025, 15:58

250308-teycfsy1bv 10

General

  • Target

    New exploit technology.exe

  • Size

    45KB

  • Sample

    250308-teycfsy1bv

  • MD5

    ef6583b19186971376c393bed6c083c1

  • SHA1

    9e74fd5d2a8d8c6087d26220ff69b3a423b08d00

  • SHA256

    79d2d83067c74a455237011d506c89be3dcc502946c6f7a6125da1fa7c9e2146

  • SHA512

    4bb6d178ee6ee8386abf2964cef45b0ba79d4532b50828b8588e2164cf1ab2ea9bffaab0dc5b6b09d442b484251ea85fef322824042f1bdbc9b0ac42fe0beae7

  • SSDEEP

    768:JdhO/poiiUcjlJInvTH9Xqk5nWEZ5SbTDanuI7CPW54:Hw+jjgnbH9XqcnW85SbTyuIQ

Malware Config

Extracted

Family

xenorat

C2

pdf-switched.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    48925

  • startup_name

    Exploits

Targets

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Executes dropped EXE
