General

  • Target

    rat.rar

  • Size

    5.4MB

  • Sample

    250327-aw665svxcv

  • MD5

    a3d5c4028d547697828f7a8eb976cb50

  • SHA1

    1d709a8c41d61d0878fbc64d8cef1566f991a954

  • SHA256

    e7eb57a09abcac91c3d9298dc88de93f61ffbb08e11dca9940f9952a509babac

  • SHA512

    dfd58de842b1676c65ce77ffa8620c59ff5bef0a01d34e21cfdd0de3837d1b454b415da188b97a8f4c51c9c30ec3323d64c9b6c84f07c9d6f33ee1ac8797ed83

  • SSDEEP

    98304:zkvdGTjS7m14zFsB0m8IHRo6RXqNpzEZXuw9/7C0QisowS4Sio7/1nC2h/G5VZc:gvajIS0m8IS6R6PQVzC0Ckio7/lGO

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    nothingset

Targets

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15