xenorat | ac7797b246bfd72068e3cb41f7a9b7db3275a2791969626198f323434fbb0f84 | Triage

Sharing

General

Target

skidiponly.exe
Size

46KB
Sample

250331-tea7xswjw5
MD5

aefa96ed190a866e6a3cb1d80c68d497
SHA1

e8449d566506e6c153d536cff3e444e73403d4ce
SHA256

ac7797b246bfd72068e3cb41f7a9b7db3275a2791969626198f323434fbb0f84
SHA512

e2a8ba27a0b1972b513caee831bcd5175f6407a3cdc6d061782049a608f3ed2c457b0b914589967bbd6e37f06173f5cf1bf735e032d882e47287e4d1f92b38e0
SSDEEP

768:cdhO/poiiUcjlJInXJH9Xqk5nWEZ5SbTDaJWI7CPW5p:Ww+jjgnZH9XqcnW85SbTwWIR

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

193.161.193.99

Mutex

skid_nigger@skid_C2

Attributes

delay
5000
install_path
appdata
port
20192
startup_name
Windows Updater

Targets

- Target
  
  skidiponly.exe
- Size
  
  46KB
- MD5
  
  aefa96ed190a866e6a3cb1d80c68d497
- SHA1
  
  e8449d566506e6c153d536cff3e444e73403d4ce
- SHA256
  
  ac7797b246bfd72068e3cb41f7a9b7db3275a2791969626198f323434fbb0f84
- SHA512
  
  e2a8ba27a0b1972b513caee831bcd5175f6407a3cdc6d061782049a608f3ed2c457b0b914589967bbd6e37f06173f5cf1bf735e032d882e47287e4d1f92b38e0
- SSDEEP
  
  768:cdhO/poiiUcjlJInXJH9Xqk5nWEZ5SbTDaJWI7CPW5p:Ww+jjgnZH9XqcnW85SbTwWIR
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan