CYFIRMA Research - Xeno RAT: A New Remote Access Trojan with Advance Capabilities

02/27/24 • 3 min

CYFIRMA Research

CYFIRMA's research team has discovered a new Remote Access Trojan named Xeno-RAT, featuring sophisticated capabilities. Through comprehensive analysis, our report explores the evasion techniques the threat actors use to circumvent detection and explains the methods employed in building robust malware payloads.
Xeno RAT, a potent malware written in C#, demonstrates an alarming trend as it continuously evolves to add features. It abuses the Windows DLL search order to load malicious DLLs into trusted executable processes, and it uses process injection to place malicious code inside legitimate Windows processes. Through a multi-stage infection process, it checks for debuggers, monitoring tools, and analysis software before executing its final stage. Its anti-debugging techniques let it operate stealthily, and it ensures persistence by registering itself as a scheduled task. It continuously monitors compromised systems and communicates with command-and-control servers at regular intervals for status updates and instructions. Extensive obfuscation, both in the files and code and in the network traffic, is used to evade detection.
To mitigate the risks associated with Xeno RAT, users are advised to exercise caution when opening files from untrustworthy sources or clicking on unfamiliar links. Robust cybersecurity measures, including reputable antivirus software, regular software updates, and awareness of social engineering tactics, are crucial in fortifying protection against such threats.
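The scheduled-task persistence mentioned above is one of the behaviours a defender can check for directly on an endpoint. The script below is an added example, not code from CYFIRMA or from the report: it parses a constructed sample in the shape of `schtasks /query /v /fo CSV` output and flags tasks whose action runs from a user-writable directory, invokes a proxy-execution binary such as rundll32, or borrows a core Windows process name outside the Windows directory. The host name, task names, paths and the reduced column set are all constructed for illustration; real exports carry more columns, but the two the triage reads (`TaskName`, `Task To Run`) are genuine `schtasks` headers.

```python
import csv
import io
import re

# Constructed sample export (subset of the columns `schtasks /query /v /fo CSV` emits).
# Two rows model benign vendor tasks; two model the pattern the episode describes:
# a binary dropped under a user-writable path and launched by a scheduled task.
SAMPLE_EXPORT = """\
"HostName","TaskName","Status","Author","Task To Run","Start In","Run As User"
"WS01","\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","Ready","Microsoft Corporation","%windir%\\system32\\defrag.exe -c -h -o -$","N/A","SYSTEM"
"WS01","\\OneDrive Standalone Update Task","Ready","Microsoft","C:\\Program Files\\Microsoft OneDrive\\OneDriveStandaloneUpdater.exe","N/A","alice"
"WS01","\\WindowsUpdateCheck","Ready","WS01\\alice","C:\\Users\\alice\\AppData\\Roaming\\svchost.exe","N/A","alice"
"WS01","\\SysHelper","Ready","WS01\\alice","rundll32.exe C:\\Users\\Public\\helper.dll,Start","N/A","alice"
"""

# Directories an unprivileged user can write to; a task whose binary lives here
# is a common persistence pattern for commodity RATs.
USER_WRITABLE = re.compile(r"\\(AppData|Users\\Public|ProgramData|Temp|Downloads)\\", re.IGNORECASE)
# Signed Windows binaries routinely used to execute attacker-supplied DLLs or scripts.
PROXY_EXEC = re.compile(r"\b(rundll32|regsvr32|mshta|wscript|cscript)\.exe\b", re.IGNORECASE)
# Core Windows process names that malware likes to borrow for its dropped binary.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "dllhost.exe"}
# First executable name in the action string, ignoring directories and arguments.
FIRST_EXE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)


def triage_tasks(export_text):
    """Return [(task_name, [reasons])] for every task matching a persistence heuristic."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        action = row["Task To Run"]
        reasons = []
        if USER_WRITABLE.search(action):
            reasons.append("runs from a user-writable path")
        if PROXY_EXEC.search(action):
            reasons.append("uses a proxy-execution binary")
        match = FIRST_EXE.search(action)
        if match and match.group(1).lower() in SYSTEM_NAMES:
            lowered = action.lower()
            # A real svchost/lsass/... lives under the Windows directory; a copy elsewhere is suspect.
            if "\\windows\\" not in lowered and "%windir%" not in lowered and "%systemroot%" not in lowered:
                reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append((row["TaskName"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage_tasks(SAMPLE_EXPORT):
        print(f"{name}: {'; '.join(reasons)}")
```

On a live host, export the task list with `schtasks /query /v /fo CSV` and pass the file contents to `triage_tasks`. The heuristics are a triage aid rather than a verdict: some legitimate per-user updaters do run from `AppData`, so a hit is a prompt to check the binary's signature, hash and creation time, not proof of compromise.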
Link to the Research Report: Xeno RAT: A New Remote Access Trojan with Advance Capabilities - CYFIRMA
#Cyfirma #CyberSecurity #ThreatIntelligence #Xeno-RAT #InfoSec #MalwareAnalysis #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM #Malware

https://www.cyfirma.com/


Previous Episode

CYFIRMA Research - Iran Contributes to the Escalating Geo-Political Threat Landscape

The recent acceleration in hostilities involving Iran-backed militias and the United States, coupled with a surge in Israeli strikes on Iranian positions in Syria, seems to have compelled Tehran to reassess elements of its regional strategy. These regional escalations come at an inopportune time for Iran. This report assesses the current situation in the Middle East, including Iran's current posture, and concludes that Iran will diminish its overt military footprint and focus more on activity in cyberspace.
Link to the Research Report: IRAN CONTRIBUTES TO THE ESCALATING GEO-POLITICAL THREAT LANDSCAPE - CYFIRMA
#Geopolitics #CyfirmaResearch #ThreatIntelligence #CyberSecurity #ETLM #CurrentAffairs #MuddyWater #CottonSandstorm #StaticKitten #Syria #RedSea #MiddleEast #Cyfirma #Iran #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

Next Episode

CYFIRMA Research - Exploit Analysis: SSRF and Command Injection for Unauthenticated RCE in Ivanti Connect Secure

Read our CYFIRMA Research report, which explains why Ivanti Connect Secure and Policy Secure users should be cautious of a critical SSRF vulnerability (CVE-2024-21893) affecting their systems, which enables attackers to bypass mitigations and execute code remotely. Exploitation of CVE-2023-46805 and CVE-2024-21887 demonstrates the severity.
Ivanti has released a second mitigation and patches to address all of these vulnerabilities. Ensure your systems are up to date and protected against these threats. Stay vigilant and take action to safeguard your network.
Link to the Research Report: Exploit Analysis: SSRF and Command Injection for Unauthenticated RCE in Ivanti Connect Secure - CYFIRMA
#CyberSecurity #Vulnerability #Ivanti #SSRF #PatchNow #CVE-2023-46805 #CVE-2024-21887 #CVE-2024-21893 #IvantiConnectSecure #CyfirmaResearch #Cyfirma #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/
