General
-
Target
https://getsolara.live/download/SolaraBootstrapper.exe
-
Sample
250406-azcrpsytfz
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
127.0.0.1
Mutex
Solara_Bootstrap
Attributes
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
Solara Executor
Targets
-
-
Target
https://getsolara.live/download/SolaraBootstrapper.exe
Score10/10-
Detect XenoRat Payload
-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Xenorat family
-
Downloads MZ/PE file
-
Executes dropped EXE
-