General

  • Target

    xeno.zip

  • Size

    19KB

  • Sample

    250323-qvjbpastav

  • MD5

    6a7f402ba319f534c1da4f4b9859461f

  • SHA1

    9b159c07c6d2690fba81bc14147205a9c45198b2

  • SHA256

    4a58d1633cdd14d6087276dec8fa6521559746f0e5a9a622a95775815ead1dab

  • SHA512

    61a2a585405635a8f86b695e08582c21db62ae0b1f1782503f98c10b87c4214fcd483a29f1d7c4f25ed1122385e258cf142a5ca2a3f37e47103075ab56daeb0c

  • SSDEEP

    384:HxeTubVVOQi4yawG5cPksgkjCmR7kf9uVPiV7bVKlsy:RQub1ivPG5fsgM7EuP2Alv

Malware Config

Extracted

  • Family

    xenorat

  • C2

    147.185.221.27

  • Mutex

    Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    temp

  • port

    12362

  • startup_name

    nothingset

Targets

    • Target

      xeno.exe

    • Size

      45KB

    • MD5

      6250a6de61be4f983423be8c78f9aa07

    • SHA1

      04ff439e9d6e42bcda49e25180a06b72c21b92a3

    • SHA256

      f6f7293893670d2aca6ac7208496e44c8733b84155e140f58ce85a0cf49211b3

    • SHA512

      4ad73a3ea7e553c63186d314339d7e6c2f290448ebe7b2a974ab17118fa49c72d3be471006f4a7971708702bea270ef76041ade40cc23b74c3474a23406a41b6

    • SSDEEP

      768:edhO/poiiUcjlJInYFH9Xqk5nWEZ5SbTDaTWI7CPW5V:ow+jjgnAH9XqcnW85SbTCWId

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks