General
- Target: VioletClient.exe
- Size: 1.0MB
- Sample: 250602-rzcv5svjy7
- MD5: 8a247dfacf3c219c8e666902c5638113
- SHA1: 4a785661278e2e34e4d95e92b52a1752dcf9f827
- SHA256: ecbc3e7c9397f5c21185f16120699efeb0dd89b27f41f4632567143ecbb18552
- SHA512: 3c2f8d773f62d33493f7e895cb153f6f2509508082413abacfdb299a2f8c38fbcf26454a946d90da66aeaea57774fcaec29919b9ab221f3550422e670ff2e3dd
- SSDEEP: 12288:/4rapNA5WQ0eApa0be2RXTUdinUx5/xBgHvrKSkhxp7ACKLyTbku5bhHAVXuv2vL:MvwJTIMcpd7aE/Fm4Za
Static task: static1
Behavioral task: behavioral1
- Sample: VioletClient.exe
- Resource: win10v2004-20250502-en
Behavioral task: behavioral2
- Sample: VioletClient.exe
- Resource: win11-20250502-en
Malware Config
Targets
- Target: VioletClient.exe (Size and hashes as listed under General)
Score: 10/10
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v16
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1): Scheduled Task (1)