xenorat | 4edcb51c961470638828b8f48a0259fb4b9645192f0b30e1d79b789c9b4c4d7f | Triage

Sharing

General

Target

4edcb51c961470638828b8f48a0259fb4b9645192f0b30e1d79b789c9b4c4d7f
Size

45KB
MD5

0b4ced1e11fac0306ee8d9411aea4219
SHA1

254c74fa4b822381dfb2d258ad77b9935ad619c6
SHA256

4edcb51c961470638828b8f48a0259fb4b9645192f0b30e1d79b789c9b4c4d7f
SHA512

76d0b8d66a84ac66b6ba6a08ad5e2e9ee1f9893c182b4e1be1f236a69bdbeb91139a1b8936e87eb2fed44627f5afc63a30404e279d840a27e5de0926a7a07eed
SSDEEP

768:tdhO/poiiUcjlJInLzo4mH9Xqk5nWEZ5SbTDaoWI7CPW5V:jw+jjgnw4mH9XqcnW85SbTJWId

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

217.63.234.90

Mutex

Xeno_rat_nd8912ddd

Attributes

delay
3500
install_path
appdata
port
8808
startup_name
svchost.exe

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4edcb51c961470638828b8f48a0259fb4b9645192f0b30e1d79b789c9b4c4d7f

Files

4edcb51c961470638828b8f48a0259fb4b9645192f0b30e1d79b789c9b4c4d7f
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ