Content provided by CYFIRMA. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by CYFIRMA or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://ru.player.fm/legal.

CYFIRMA Research - Xeno RAT: A New Remote Access Trojan with Advance Capabilities

3:30
 

CYFIRMA’s research team has discovered a new Remote Access Trojan named Xeno-RAT, featuring sophisticated capabilities. Through comprehensive analysis, our report explores the various evasion techniques utilized by threat actors to circumvent detection and elucidates the methods employed in creating robust malware payloads.
Xeno RAT, a potent piece of malware written in C# with advanced capabilities, demonstrates an alarming trend as it continuously evolves to enhance its features. It exploits the DLL search order functionality in Windows to load malicious DLLs into trusted executable processes and uses process injection to place malicious code into legitimate Windows processes. Its infection process is multi-stage: before executing its final stage, it checks for debuggers, monitoring tools, and analysis software in order to avoid detection. Equipped with anti-debugging techniques, it operates stealthily and ensures persistence by adding itself to scheduled tasks. It continuously monitors compromised systems and communicates with command-and-control servers at regular intervals for status updates and instructions. Extensive obfuscation is used both within files/code and in network traffic to evade detection.
To mitigate the risks associated with Xeno RAT malware, users are advised to exercise caution when accessing files from untrustworthy sources or clicking on unfamiliar links. Implementing robust cybersecurity measures, including reputable antivirus software, regular software updates, and awareness of social engineering tactics, is crucial in fortifying protection against such threats.
Link to the Research Report: Xeno RAT: A New Remote Access Trojan with Advance Capabilities - CYFIRMA
#Cyfirma #CyberSecurity #ThreatIntelligence #Xeno-RAT #InfoSec #MalwareAnalysis #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM #Malware

https://www.cyfirma.com/


120 episodes
