General
Target: rdr2_cheat.rar
Size: 4.5MB
Sample: 210417-j91s5g6ss2
MD5: 4c765ea7c77b78157630b2eb6b15338b
SHA1: 6cafcfb6e3ab32fd6365f292972fe8c3899cd861
SHA256: 6ae78f6d033a71828e1c27fbc946eb2e54bbb1bbaf54f541bcb89b4923d4baf8
SHA512: 69d60fb7a8dbc247f56cb6c72e86107bd9d24e7fc3ad591e1ed537cfe1c331fbf71a52c05c7b2c9c47788724657b8df5f5df408ab958fc86895226fcf0200113
Static task
- static1

Behavioral tasks
- behavioral1: Sample Xenos/Xenos.exe, Resource win7v20210408
- behavioral2: Sample Xenos/Xenos.exe, Resource win10v20210410
- behavioral3: Sample Xenos/Xenos64.exe, Resource win7v20210408
- behavioral4: Sample Xenos/Xenos64.exe, Resource win10v20210410
Malware Config
(none listed)

Targets

Target: Xenos/Xenos.exe
Size: 2.7MB
MD5: 5ace881a1b19ebadba5a61e54a09ace6
SHA1: 49c128c18def94c80dbe88252e7314de4a11bdcc
SHA256: 9d87b177d70801208016cd051a5d64ad806812e3a88d1620ec988eb4b9ef2757
SHA512: 3a921ab09a84b68e4fd99ad20787c14bbfde6cc109f13e3cc0c390592cd065753d3e58f185ba51862b5355b5e67127a998cdf6fc401e713f3f22086e4ac2a057
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: Xenos/Xenos64.exe
Size: 1.7MB
MD5: 60353054a7bc4c9ed8189bc4f5086eb0
SHA1: a787aed5e3ecb6986fd7dc6eb240342c74e9709a
SHA256: 6040f88011800fb52b4ec898d15060960b290165876ea27e1cb9b75b19a1f545
SHA512: 35e531c9fa92b10180d4d81728c093b51dbd6c1b5e24f3a2bab0b98d10d7cafd3889fb0582f0f45c90a005bd7cf01406dd589c2a8ecb3f5e587989749e4ea272
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
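The hashes in this report are only useful if they can be matched against files on a host or in a quarantine store. The following script is an added example written for this page, not part of the sandbox report or of the Xenos binaries it describes: it embeds the MD5/SHA1/SHA256/SHA512 values listed above, hashes an input in one pass with all four algorithms, and reports which report entries match. The function names, the "weak-only" verdict and the constructed sample bytes are my own additions, not anything the report defines.

```python
import hashlib
from typing import Dict, Iterable, List, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")  # ordered weakest to strongest

# Hash values copied verbatim from the sandbox report above.
XENOS_IOCS: Dict[str, Dict[str, str]] = {
    "rdr2_cheat.rar": {
        "md5": "4c765ea7c77b78157630b2eb6b15338b",
        "sha1": "6cafcfb6e3ab32fd6365f292972fe8c3899cd861",
        "sha256": "6ae78f6d033a71828e1c27fbc946eb2e54bbb1bbaf54f541bcb89b4923d4baf8",
        "sha512": "69d60fb7a8dbc247f56cb6c72e86107bd9d24e7fc3ad591e1ed537cfe1c331fbf71a52c05c7b2c9c47788724657b8df5f5df408ab958fc86895226fcf0200113",
    },
    "Xenos/Xenos.exe": {
        "md5": "5ace881a1b19ebadba5a61e54a09ace6",
        "sha1": "49c128c18def94c80dbe88252e7314de4a11bdcc",
        "sha256": "9d87b177d70801208016cd051a5d64ad806812e3a88d1620ec988eb4b9ef2757",
        "sha512": "3a921ab09a84b68e4fd99ad20787c14bbfde6cc109f13e3cc0c390592cd065753d3e58f185ba51862b5355b5e67127a998cdf6fc401e713f3f22086e4ac2a057",
    },
    "Xenos/Xenos64.exe": {
        "md5": "60353054a7bc4c9ed8189bc4f5086eb0",
        "sha1": "a787aed5e3ecb6986fd7dc6eb240342c74e9709a",
        "sha256": "6040f88011800fb52b4ec898d15060960b290165876ea27e1cb9b75b19a1f545",
        "sha512": "35e531c9fa92b10180d4d81728c093b51dbd6c1b5e24f3a2bab0b98d10d7cafd3889fb0582f0f45c90a005bd7cf01406dd589c2a8ecb3f5e587989749e4ea272",
    },
}


def digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Hash one stream of bytes with all four algorithms in a single pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(observed: Dict[str, str],
               iocs: Dict[str, Dict[str, str]]) -> List[Tuple[str, List[str], str]]:
    """Compare observed digests with every IOC entry.

    Returns (entry name, algorithms that agreed, verdict) for each entry with at
    least one agreeing hash. The verdict is "match" only when the strongest
    algorithm listed for that entry agrees; agreement on MD5 or SHA1 alone is
    reported as "weak-only", since a partial match means the file is not the one
    the report describes and the weaker digest deserves a second look.
    """
    hits = []
    for name, expected in iocs.items():
        listed = [alg for alg in ALGORITHMS if alg in expected]
        matched = [alg for alg in listed if expected[alg].lower() == observed[alg]]
        if not matched:
            continue
        verdict = "match" if listed[-1] in matched else "weak-only"
        hits.append((name, matched, verdict))
    return hits


def scan_file(path: str, iocs: Dict[str, Dict[str, str]] = XENOS_IOCS,
              chunk_size: int = 1 << 20) -> List[Tuple[str, List[str], str]]:
    """Hash a file from disk in chunks (no full read into memory) and report IOC hits."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return match_iocs(digests(chunks()), iocs)


if __name__ == "__main__":
    # Constructed sample bytes stand in for a file; they do not match the report.
    sample = b"constructed sample, not the real archive"
    print(match_iocs(digests([sample]), XENOS_IOCS))  # []
```

Run `scan_file` over extracted archive contents or a quarantine directory; treat only a "match" verdict on SHA256 or SHA512 as confirmation that a file is one of the two reported executables, and investigate any "weak-only" result rather than acting on it.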