xenorat | ef2ba29f54fd3d48876405dc424f61ab27222fe36b5b5721c4a5ccca6e879ad1 | Triage

Submit
Reports

Overview

overview

Static

static

gowno.exe

windows11-21h2-x64

Sharing

General

Target

gowno.exe
Size

45KB
Sample

250319-2dx93av1a1
MD5

6145e62108a1aa3cd628939ba740449d
SHA1

812b83703130caf3832af8f9fb5dbd5d9045a2fc
SHA256

ef2ba29f54fd3d48876405dc424f61ab27222fe36b5b5721c4a5ccca6e879ad1
SHA512

20a57cb7119e570ded6876ca830c8070e239340ec64c0c0b8d0fbeeea121485b69c2372a0dcdb07ea54c72b9991db76e75f439dad442cccfd82987c7456a175f
SSDEEP

768:RdhO/poiiUcjlJInN1H9Xqk5nWEZ5SbTDamuI7CPW5T:Pw+jjgnHH9XqcnW85SbTzuIr

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

gowno.exe

Resource

win11-20250314-en

xenorat discovery rat trojan

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

testgowna

Attributes

delay
5000
install_path
appdata
port
5858
startup_name
nothingset

Targets

- Target
  
  gowno.exe
- Size
  
  45KB
- MD5
  
  6145e62108a1aa3cd628939ba740449d
- SHA1
  
  812b83703130caf3832af8f9fb5dbd5d9045a2fc
- SHA256
  
  ef2ba29f54fd3d48876405dc424f61ab27222fe36b5b5721c4a5ccca6e879ad1
- SHA512
  
  20a57cb7119e570ded6876ca830c8070e239340ec64c0c0b8d0fbeeea121485b69c2372a0dcdb07ea54c72b9991db76e75f439dad442cccfd82987c7456a175f
- SSDEEP
  
  768:RdhO/poiiUcjlJInN1H9Xqk5nWEZ5SbTDamuI7CPW5T:Pw+jjgnHH9XqcnW85SbTzuIr
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy