xenorat | Vape Launcher[.]rar | Triage

Sharing

General

Target

Vape Launcher.rar
Size

18KB
MD5

2a2f0ec4d7927f2a6cacc44767a12388
SHA1

0ef4541bbff76920499bd37d8959f4d0f21bc90b
SHA256

186e1599e1ddb0030f0c4c514bf9a2158f12ebc29b3e1c86ffa34562599cf79c
SHA512

f4bb2fa1ad26f98e2e519da36a2092ec1bb354f1cfa7c231d84e1a649b6bc752ef8b95178d1413db59dddb7606f62990290471cc45c8425278ffb60cbdebf550
SSDEEP

384:0tmxT9fHe47EdINnygB0WKGrYMRSnYez1+rZ/OfVeraYDPvn/qSicvgDilq/RY:0tIR+478QyCzl0MFezOqVeraYDPv/ziM

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

VapePatcher

Attributes

delay
5000
install_path
appdata
port
6666
startup_name
Minecraft Launcher

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vape Launcher.exe

Files

Vape Launcher.rar
.rar
Vape Launcher.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ