General

  • Target: e.exe
  • Size: 45KB
  • Sample: 250311-bykllawjy3
  • MD5: 19bca2b4f66c1e8f9dc803c1fa03a44a
  • SHA1: 69dca44b135141a5712952fdaaedc368e69ac3fe
  • SHA256: 8dce881d5b28588a58d2ce1555ff11729e3ec9519b35639c53df18de9df805c5
  • SHA512: df118de9b8891fb3cd75d2e9aa5defa0dab2f6f55e6c03e21719d6d73d23676bbdd76655d3da1bb438a51803206ee90a8e7c12a25ab0827c537cd4fc79d1c36c
  • SSDEEP: 768:RdhO/poiiUcjlJIn90H9Xqk5nWEZ5SbTDaBIuI7CPW5Z:Pw+jjgnGH9XqcnW85SbT4IuIx

Malware Config

Extracted

  • Family: xenorat
  • C2: 127.0.0.1
  • Mutex: Vector-fixer
  • Attributes
    • delay: 5000
    • install_path: appdata
    • port: 4444
    • startup_name: 1234.exe

Targets

  • Detect XenoRat Payload
  • XenorRat
    XenorRat is a remote access trojan written in C#.
  • Xenorat family
  • Executes dropped EXE
  • Loads dropped DLL
