xenorat | 7957c29721571c011f471853a3a8033f4af0c14c724492e87ccfeefa06aebfa2 | Triage

Sharing

General

Target

setup.exe
Size

45KB
Sample

250401-n2ynvaysaw
MD5

b377774f8413ba12b5a219c8cdfaa6cc
SHA1

d8a032bfdc48ce26f6251ea03e5d231fdc705037
SHA256

7957c29721571c011f471853a3a8033f4af0c14c724492e87ccfeefa06aebfa2
SHA512

b3f7f1c762217811883383d5ad659f0e41f74ce0055b64e3b5c2c38cf507dac2572e1f0e9deb1511dd8b1b2376e1b4bf8700c5622ad5824a93c9f50cc579b153
SSDEEP

768:MMdhO/poiiUcjlJInXFH9Xqk5nWEZ5SbTDavWI7CPW53b:5w+jjgnVH9XqcnW85SbTGWIfb

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

78.56.45.239

Mutex

REPO_57638

Attributes

delay
5000
install_path
appdata
port
1488
startup_name
REPO

Targets

- Target
  
  setup.exe
- Size
  
  45KB
- MD5
  
  b377774f8413ba12b5a219c8cdfaa6cc
- SHA1
  
  d8a032bfdc48ce26f6251ea03e5d231fdc705037
- SHA256
  
  7957c29721571c011f471853a3a8033f4af0c14c724492e87ccfeefa06aebfa2
- SHA512
  
  b3f7f1c762217811883383d5ad659f0e41f74ce0055b64e3b5c2c38cf507dac2572e1f0e9deb1511dd8b1b2376e1b4bf8700c5622ad5824a93c9f50cc579b153
- SSDEEP
  
  768:MMdhO/poiiUcjlJInXFH9Xqk5nWEZ5SbTDavWI7CPW53b:5w+jjgnVH9XqcnW85SbTGWIfb
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan