Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Xeno-v1.1.6.exe

windows7-x64

10

Xeno-v1.1.6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Xeno-v1.1.6.exe

  • Size

    45KB

  • Sample

    250322-z6hnzazzcs

  • MD5

    0f528a61dfeeefd4c08b59f46ed82b2e

  • SHA1

    b472ae85845a2cd715929368fa7facbbf40ca879

  • SHA256

    20e0f560eacb96e25bcd73ca7be5ee202e386c2c1c280c543817f9d377a20bba

  • SHA512

    cb7110729e0c5da73429a2314575e96993c21da9f600c447351872cb1b1cfd10613f90308b378b14ca71b7ccc2ca867f6f75ed478e901f490b7fc6bf5cd2a6a1

  • SSDEEP

    768:/dhO/poiiUcjlJInqqH9Xqk5nWEZ5SbTDaPWI7CPW5q:1w+jjgnpH9XqcnW85SbTuWIi

Score
10/10
xenoratdiscoveryrattrojan

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_Cheat_Service

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    WinDefender-Service

Targets

    • Target

      Xeno-v1.1.6.exe

    • Size

      45KB

    • MD5

      0f528a61dfeeefd4c08b59f46ed82b2e

    • SHA1

      b472ae85845a2cd715929368fa7facbbf40ca879

    • SHA256

      20e0f560eacb96e25bcd73ca7be5ee202e386c2c1c280c543817f9d377a20bba

    • SHA512

      cb7110729e0c5da73429a2314575e96993c21da9f600c447351872cb1b1cfd10613f90308b378b14ca71b7ccc2ca867f6f75ed478e901f490b7fc6bf5cd2a6a1

    • SSDEEP

      768:/dhO/poiiUcjlJInqqH9Xqk5nWEZ5SbTDaPWI7CPW5q:1w+jjgnpH9XqcnW85SbTuWIi

    Score
    10/10
    xenoratdiscoveryrattrojan

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

      trojanratxenorat

    • Xenorat family

      xenorat

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.