xenorat | 5c24efdc7fa4e803616b48f2fa03c861b2d87dc6339b298baf8626a220b2e930 | Triage

Submit
Reports

Overview

overview

Static

static

skid.exe

windows10-2004-x64

skid.exe

windows10-ltsc_2021-x64

skid.exe

windows11-21h2-x64

Sharing

General

Target

skid.exe
Size

46KB
Sample

250331-s6pc7avqz5
MD5

b61b5c0bff0b8923d7457866ff3ddf4e
SHA1

dbe578aee200e3665053801d93447e3e98e6c75a
SHA256

5c24efdc7fa4e803616b48f2fa03c861b2d87dc6339b298baf8626a220b2e930
SHA512

624ed755bed9051ed952559814ece72d5e8c97c9c3a28137a90893b474dbe00311fd27050e5cc60fe70dbb74e56c1c4126a3b8d6b910b56135e4185f8d79c94c
SSDEEP

768:7dhO/poiiUcjlJInWa3H9Xqk5nWEZ5SbTDaTuI7CPW5h:pw+jjgnzH9XqcnW85SbTWuIZ

Score

10^/10

xenorat discovery rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

skid.exe

Resource

win10v2004-20250314-en

xenorat discovery rat trojan

windows10-2004-x64

9 signatures

60 seconds

Behavioral task

behavioral2

Sample

skid.exe

Resource

win10ltsc2021-20250314-en

xenorat discovery rat trojan

windows10-ltsc_2021-x64

9 signatures

60 seconds

Behavioral task

behavioral3

Sample

skid.exe

Resource

win11-20250313-en

xenorat discovery rat trojan

windows11-21h2-x64

8 signatures

60 seconds

Malware Config

Extracted

Family

xenorat

C2

tcp://adminaahliya-20192.portmap.io

Mutex

skid_nigger@skid_C2

Attributes

delay
5000
install_path
appdata
port
20192
startup_name
Windows Updater

Targets

- Target
  
  skid.exe
- Size
  
  46KB
- MD5
  
  b61b5c0bff0b8923d7457866ff3ddf4e
- SHA1
  
  dbe578aee200e3665053801d93447e3e98e6c75a
- SHA256
  
  5c24efdc7fa4e803616b48f2fa03c861b2d87dc6339b298baf8626a220b2e930
- SHA512
  
  624ed755bed9051ed952559814ece72d5e8c97c9c3a28137a90893b474dbe00311fd27050e5cc60fe70dbb74e56c1c4126a3b8d6b910b56135e4185f8d79c94c
- SSDEEP
  
  768:7dhO/poiiUcjlJInWa3H9Xqk5nWEZ5SbTDaTuI7CPW5h:pw+jjgnzH9XqcnW85SbTWuIZ
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan

behavioral2

xenoratdiscoveryrattrojan

behavioral3

xenoratdiscoveryrattrojan

© 2018-2025

Terms | Privacy