General

  • Target

    eee.exe

  • Size

    45KB

  • Sample

    250311-b2evhswxd1

  • MD5

    539af28c36efbf259e78287e220b0842

  • SHA1

    5979dea1f9533149da997c284ef5f39326dedc1a

  • SHA256

    0778090c44bb09a80adbe6592c1c5b2f6732010293b163449f3a5a1d02ea684a

  • SHA512

    a808636b6ba1e5d8c18e7c3441f556c7f0dcebc3171bacd538575b70cea6881dcc0f4360c30058eafc70e309d0003ffef28a13ff4a533fd8dc48e2b36d41f40b

  • SSDEEP

    768:5dhO/poiiUcjlJInnbqmH9Xqk5nWEZ5SbTDaRIWI7CPW5R:3w+jjgnLH9XqcnW85SbTcIWI5

Malware Config

Extracted

Family

xenorat

C2

172.22.94.46

Mutex

Vector-fixer

Attributes

  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    1234.exe

Targets

  • Detect XenoRat Payload

  • XenorRat

    XenorRat is a remote access trojan written in C#.

  • Xenorat family

  • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks