General

  • Target

    hasan.exe

  • Size

    45KB

  • Sample

    250329-v5jsesyrw4

  • MD5

    3b9d5161dd02e07f0bfc0303938a2e6a

  • SHA1

    47f16a88c22e02b4abb8d91615a372b33c9d6bd4

  • SHA256

    2ac470d3084c50abe5bcd7bd8dd5cae1f66e4eba957851cb103c2b2d0d9d4f04

  • SHA512

    76d076a153d1e94406a577e44cd9452da37933d37e15e6957b26264e8fa65ff694c4883a003160fc42d402c5371c3202371f7d72a404813bcfd18adfd8b7f15a

  • SSDEEP

    768:JdhO/poiiUcjlJInGFH9Xqk5nWEZ5SbTDa8WI7CPW55:Hw+jjgn2H9XqcnW85SbT1WIh

Malware Config

Extracted

Family

xenorat

C2

95.70.219.212

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4782

  • startup_name

    nothingset

Targets

    • Target

      hasan.exe

    • Size

      45KB

    • MD5

      3b9d5161dd02e07f0bfc0303938a2e6a

    • SHA1

      47f16a88c22e02b4abb8d91615a372b33c9d6bd4

    • SHA256

      2ac470d3084c50abe5bcd7bd8dd5cae1f66e4eba957851cb103c2b2d0d9d4f04

    • SHA512

      76d076a153d1e94406a577e44cd9452da37933d37e15e6957b26264e8fa65ff694c4883a003160fc42d402c5371c3202371f7d72a404813bcfd18adfd8b7f15a

    • SSDEEP

      768:JdhO/poiiUcjlJInGFH9Xqk5nWEZ5SbTDa8WI7CPW55:Hw+jjgn2H9XqcnW85SbT1WIh

    • Detect XenoRat Payload

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Xenorat family

MITRE ATT&CK Enterprise v15

Tasks