General

  • Target

    bomb.exe

  • Size

    46KB

  • Sample

    250604-xqntyatxhx

  • MD5

    427d43efc21fbb725ca5e1a57380a6ef

  • SHA1

    63d091f2e8f2270d88b8eb46084d213d16d6cbb5

  • SHA256

    76ce289ac221d440ce01f8c83c192d94e103e1231cc31f7bb9c7beefc3ebb225

  • SHA512

    30836810a296e89a1b3208b500ea153ccf90fd19f4d8d0f14372d196d3b420c55081c760ba9ca0ae61fbc345ec86420a453ac0571d1488db98c033d042be485e

  • SSDEEP

    768:YdhO/poiiUcjlJInKWH9Xqk5nWEZ5SbTDaGWI7CPW5v:Kw+jjgnVH9XqcnW85SbTPWIX

Malware Config

Extracted

  • Family

    xenorat

  • C2

    127.0.0.1

  • Mutex

    Xeno

  • Attributes

    • delay

      5000

    • install_path

      nothingset

    • port

      4444

    • startup_name

      nothingset

Targets

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v16