Behavioral task
behavioral1
Sample
373c2274f9add075ba56475a4ac45a313b118fbf88c2025923870c25e794a1a7.exe
Resource
win7-20240221-en
General
-
Target
373c2274f9add075ba56475a4ac45a313b118fbf88c2025923870c25e794a1a7.exe
-
Size
45KB
-
MD5
a2eea60f1991928460eca53fb86f127b
-
SHA1
b5d31c9b199a9754a3ee7d7b9d35f8a98ed3b340
-
SHA256
373c2274f9add075ba56475a4ac45a313b118fbf88c2025923870c25e794a1a7
-
SHA512
7e3f2551fa8aebb04ad811613b934af4c930e79b1f743d8ddf0bc6cf92c9fb23f6500e38b315fe7bd59bc582de3c759f7016f51d03aa5fc826eba0c515125876
-
SSDEEP
768:fdhO/poiiUcjlJIni2gH9Xqk5nWEZ5SbTDajuI7CPW5G:Vw+jjgniLH9XqcnW85SbTuuIe
Malware Config
Extracted
xenorat
dentiste.ddns.net
Xeno_syteme_update
-
delay
5000
-
install_path
appdata
-
port
7011
-
startup_name
System
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 373c2274f9add075ba56475a4ac45a313b118fbf88c2025923870c25e794a1a7.exe
Files
-
373c2274f9add075ba56475a4ac45a313b118fbf88c2025923870c25e794a1a7.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ