General

  • Target

    VioletClient.exe

  • Size

    1.0MB

  • Sample

    250602-rzcv5svjy7

  • MD5

    8a247dfacf3c219c8e666902c5638113

  • SHA1

    4a785661278e2e34e4d95e92b52a1752dcf9f827

  • SHA256

    ecbc3e7c9397f5c21185f16120699efeb0dd89b27f41f4632567143ecbb18552

  • SHA512

    3c2f8d773f62d33493f7e895cb153f6f2509508082413abacfdb299a2f8c38fbcf26454a946d90da66aeaea57774fcaec29919b9ab221f3550422e670ff2e3dd

  • SSDEEP

    12288:/4rapNA5WQ0eApa0be2RXTUdinUx5/xBgHvrKSkhxp7ACKLyTbku5bhHAVXuv2vL:MvwJTIMcpd7aE/Fm4Za

Malware Config

Targets

    • Detect XenoRat Payload

    • XenorRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks