xenorat | 58efe85ed7651162a5cf27db123dcc39ec7349e32b3e4aee8f909eefbf85f4e2 | Triage

Resubmissions

11/04/2025, 17:50

250411-wetelswwat 10

11/04/2025, 17:47

250411-wc12nswvfy 10

Sharing

General

Target

ninja.png
Size

35KB
Sample

250411-wc12nswvfy
MD5

cff41edc8048fa8734dadcb3b474ce2c
SHA1

172c6ab572d34a25c6d7a06d3f0ea992650a9654
SHA256

58efe85ed7651162a5cf27db123dcc39ec7349e32b3e4aee8f909eefbf85f4e2
SHA512

9e5f2b72a166bab12eb86232ab6731ded4bb70f5eab4a94559b9b370387df14c93c987423512981740c9e3ea2131d96dcab76754b296119499d48854df5880ae
SSDEEP

768:THMfJYsiXYyvLAzjFgPdSr0yPJ1BSpNXKYcjyROQCZ:THKJNioALAXyPdSoyU9cjHQCZ

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

C2

178.83.80.11

Mutex

WinStart

Attributes

delay
5000
install_path
appdata
port
4782
startup_name
WinStart

Targets

- Target
  
  ninja.png
- Size
  
  35KB
- MD5
  
  cff41edc8048fa8734dadcb3b474ce2c
- SHA1
  
  172c6ab572d34a25c6d7a06d3f0ea992650a9654
- SHA256
  
  58efe85ed7651162a5cf27db123dcc39ec7349e32b3e4aee8f909eefbf85f4e2
- SHA512
  
  9e5f2b72a166bab12eb86232ab6731ded4bb70f5eab4a94559b9b370387df14c93c987423512981740c9e3ea2131d96dcab76754b296119499d48854df5880ae
- SSDEEP
  
  768:THMfJYsiXYyvLAzjFgPdSr0yPJ1BSpNXKYcjyROQCZ:THKJNioALAXyPdSoyU9cjHQCZ
Score

10^/10

xenorat discovery rat trojan
- Detect XenoRat Payload
- XenorRat
  XenorRat is a remote access trojan written in C#.
  trojan rat xenorat
- Xenorat family
  xenorat
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xenoratdiscoveryrattrojan