Xeno RAT: A New Remote Access Trojan with Advance Capabilities - CYFIRMA
Common Information
Type Value
UUID d4b6cc84-f6ee-4219-bab7-9817d3bb40af
Fingerprint 943c1913a9b44691
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 23, 2024, 3:33 p.m.
Added to db Dec. 18, 2024, 9:53 p.m.
Last updated Dec. 25, 2024, 2:19 p.m.
Headline Xeno RAT: A New Remote Access Trojan with Advance Capabilities
Title Xeno RAT: A New Remote Access Trojan with Advance Capabilities - CYFIRMA
Detected Hints/Tags/Attributes 74/3/32
Attributes
Details Type #Events CTI Value
Details Domain 1
internal-liveapps.online
Details Domain 1
sys.zip
Details File 1
screenshot_2024-01-30_w-69-06-18264122612_dcim.png
Details File 1
whatsapp_2023-12-12_12-59-06-18264122612_dcim.png
Details File 1
sys.zip
Details File 7
adexplorer64.exe
Details File 9
samcli.dll
Details File 1
samcli.exe
Details File 38
hh.exe
Details File 1
support.url
Details File 17
colorcpl.exe
Details File 1349
explorer.exe
Details IPv4 1
45.61.139.51
Details IPv4 1582
127.0.0.1
Details MITRE ATT&CK Techniques 368
T1059.003
Details MITRE ATT&CK Techniques 302
T1053.005
Details MITRE ATT&CK Techniques 117
T1204.001
Details MITRE ATT&CK Techniques 1
T1024.002
Details MITRE ATT&CK Techniques 61
T1622
Details MITRE ATT&CK Techniques 257
T1497
Details MITRE ATT&CK Techniques 487
T1055
Details MITRE ATT&CK Techniques 480
T1071.001