Extracted

Extracted

• • Target

    Xenos64.exe

  • Size

    822KB

  • MD5

    c534acff6f393a7e0080adc2497b4dac

  • SHA1

    880c5bab820a36a8cf799d8bfffbd99b12c50fd3

  • SHA256

    a9c2bcc9730134d4c37d077b598cd1542c23c82e462bed69fd8786a11018dc30

  • SHA512

    178eaa6d06a18e29da4ad0f69fbe8eee57643e1729d5f55c0151283d203abc58e736d8cc574604f792f38df4758a57aaf1b81ac29f2478c8efc3ed29256dff6d

  • SSDEEP

    24576:lgZXoZUTVdt7K1Si1Gwpr83MdAl+DjbJyod:QeSq1r88d6Uz

  Score

  10^/10

  asyncratdefaultevasionratspywarestealer

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat

  • Async RAT payload

    rat

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1