General
-
Target
OHIO.exe
-
Size
45KB
-
MD5
204bbef87179ce538967d0a2deeaf1f1
-
SHA1
ded1fd9dbe871303791abfab7868ec7c08e693dc
-
SHA256
726846fbb5d59c18d5dac5030922dd48dd2a5c7f2c3f5d588cf390f7b854aa99
-
SHA512
fac8562234b5a62946c77fffb0b2e7f6c9d54d76476a825cafae9b387b72e477b378a0999235b0acefb7bb1aceed62584a8d8883d2a4046be411a829b99fac0d
-
SSDEEP
768:TdhO/poiiUcjlJInp2gH9Xqk5nWEZ5SbTDaXuI7CPW5I:hw+jjgnpLH9XqcnW85SbT6uIA
Malware Config
Extracted
xenorat
127.0.0.1
Xeno_rat_nd8912d
-
delay
5000
-
install_path
temp
-
port
4444
-
startup_name
Windows Protection
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource OHIO.exe
Files
-
OHIO.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ