xenorat | 6025d9decad215703487c83f75ccf9d5f528bed582ab809ddd117e372424dc72 | Triage

Submit
Reports

Overview

overview

Static

static

1

Tutorial Files(1).js

windows11-21h2-x64

Sharing

General

Target

Tutorial Files(1).txt
Size

2KB
Sample

250408-pjvpxatqv5
MD5

5600477fbd3d6bde63f31d2ceaf95d5a
SHA1

b2e700cad0d80e19ce84750ba55ca387f0bd4bf3
SHA256

6025d9decad215703487c83f75ccf9d5f528bed582ab809ddd117e372424dc72
SHA512

d8586a1daa7a9d73d1ee3cf72ac62f799ae687107ffcb83a7b6d766d6ed15b6ea46ab7f013a5461701f4af4f4aedb2391d3759030f3c0f26ba868efd3cf0053f

Score

10^/10

xenorat defense_evasion discovery execution persistence privilege_escalation rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

Tutorial Files(1).js

Resource

win11-20250314-en

xenorat defense_evasion discovery execution persistence privilege_escalation rat trojan

windows11-21h2-x64

25 signatures

900 seconds

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
nothingset

Targets

- Target
  
  Tutorial Files(1).txt
- Size
  
  2KB
- MD5
  
  5600477fbd3d6bde63f31d2ceaf95d5a
- SHA1
  
  b2e700cad0d80e19ce84750ba55ca387f0bd4bf3
- SHA256
  
  6025d9decad215703487c83f75ccf9d5f528bed582ab809ddd117e372424dc72
- SHA512
  
  d8586a1daa7a9d73d1ee3cf72ac62f799ae687107ffcb83a7b6d766d6ed15b6ea46ab7f013a5461701f4af4f4aedb2391d3759030f3c0f26ba868efd3cf0053f
Score

10^/10

xenorat defense_evasion discovery execution persistence privilege_escalation rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationrattrojan

© 2018-2025

Terms | Privacy