Behavioral task behavioral1
- Sample: 1524-4-0x0000000000400000-0x0000000000412000-memory.exe
- Resource: win7-20240215-en

Behavioral task behavioral2
- Sample: 1524-4-0x0000000000400000-0x0000000000412000-memory.exe
- Resource: win10v2004-20240226-en
General
- Target: 1524-4-0x0000000000400000-0x0000000000412000-memory.dmp
  This is a process memory dump, not the on-disk dropper: the name encodes the process it was dumped from (PID 1524) and the dumped region 0x400000-0x412000, which is 0x12000 bytes = 72KB, matching the size below. The hashes therefore identify the in-memory image and will not match the file that was originally delivered.
- Size: 72KB
- MD5: d21d3d1cfac3c2c3cb5aa855e0575ddd
- SHA1: 28a77045d182b7a55224b00cfc0c2ce2caaa60e6
- SHA256: b04c91c8b5c9f383c47898ec419586e9f6239aed49edfcbc3fed5231d3e42c6c
- SHA512: 3a5bc07830a24568495157a538f502bb8826337bac43a59db09d73bf64ef61742cba66ea505b55c552d4ceba4ffbe439da20c00f6d399bd125d3f2ed40bf030e
- SSDEEP: 768:OSisJmceOoOD7vcgspLfFpyT7QHbtm+nkyqnN+8N8:osJmfOlD7kXprj4QHbtjkH4U8
Malware Config
Extracted
- Family: xenorat
- C2: dns.requimacofradian.site
- Mutex: Xeno_rat_nd8828g
- delay: 60000
- install_path: appdata
- port: 1253
- startup_name: dic
Signatures
- Xenorat family
- Unsigned PE (1 IoC): the image carries no Authenticode signature (its security data directory is empty).
  resource: 1524-4-0x0000000000400000-0x0000000000412000-memory.dmp
Files
- 1524-4-0x0000000000400000-0x0000000000412000-memory.dmp.exe: windows:4 windows x86 arch:x86 (32-bit PE)

Headers
DLL Characteristics
- IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (only meaningful for 64-bit images; on this x86 image it has no effect)
- IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR-compatible)
- IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP-compatible)
- IMAGE_DLLCHARACTERISTICS_NO_SEH
- IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
- IMAGE_FILE_EXECUTABLE_IMAGE
- IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections
Name    Raw size  Virtual size  Flags
.text   43KB      43KB          IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   1KB       1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  512B      12B           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

The flag set (HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE together with LARGE_ADDRESS_AWARE on an x86 image) and a .reloc section holding a single 12-byte relocation block are what the .NET toolchain emits by default, which is consistent with the XenoRAT attribution: XenoRAT is a C# RAT.
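As an added example (not part of the sandbox report and not the sandbox's own code), the following stdlib-only Python recovers the header facts listed above from a PE image and applies the same "Unsigned PE" check, by reading the Authenticode security data directory, plus the HIGH_ENTROPY_VA-on-32-bit caveat. The image it parses is constructed inline to mirror this report's machine, flags and section layout; it is not the dumped sample and its hashes will not match the ones above.

```python
"""Header triage for a PE32/PE32+ image (added example, stdlib only)."""
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}
FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY, where an Authenticode blob is referenced


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    ndirs_off = opt + (108 if pe32plus else 92)              # NumberOfRvaAndSizes
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_va = sec_size = 0
    if ndirs > SECURITY_DIR:
        sec_va, sec_size = struct.unpack_from("<II", data, ndirs_off + 4 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flag_names(sflags, SECTION_FLAGS)})
    return {"machine": MACHINES.get(machine, hex(machine)), "pe32plus": pe32plus,
            "file_characteristics": _flag_names(file_chars, FILE_FLAGS),
            "dll_characteristics": _flag_names(dll_chars, DLL_FLAGS),
            "authenticode_present": sec_va != 0 and sec_size != 0,
            "sections": sections}


def triage(info):
    """Observations corresponding to the report's 'Unsigned PE' signature and the header caveats."""
    notes = []
    if not info["authenticode_present"]:
        notes.append("unsigned: IMAGE_DIRECTORY_ENTRY_SECURITY is empty (no Authenticode signature)")
    if "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" in info["dll_characteristics"] and not info["pe32plus"]:
        notes.append("HIGH_ENTROPY_VA set on a 32-bit image: the flag has no effect here")
    for s in info["sections"]:
        if "IMAGE_SCN_MEM_WRITE" in s["flags"] and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            notes.append(f"{s['name']}: writable and executable section")
    return notes


def build_sample():
    """CONSTRUCTED PE32 image mirroring the report's headers; not the dumped sample."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0002 | 0x0020)
    opt = bytearray(224)                                          # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase, as in the dumped region
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100 | 0x0400 | 0x8000)
    struct.pack_into("<I", opt, 92, 16)                           # all directories left zero: unsigned

    def sect(name, vsize, va, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw, 0, 0, 0, 0, 0, flags)

    secs = (sect(b".text", 0xAC00, 0x2000, 0xAC00, 0x60000020)    # 43KB, CODE|EXECUTE|READ
            + sect(b".rsrc", 0x400, 0xE000, 0x400, 0x40000040)    # 1KB, INITIALIZED_DATA|READ
            + sect(b".reloc", 12, 0x10000, 512, 0x42000040))      # 12B virtual, DISCARDABLE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    info = parse_pe(build_sample())
    print(info["machine"], "PE32+" if info["pe32plus"] else "PE32", info["dll_characteristics"])
    for s in info["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']} virt={s['virtual_size']} {', '.join(s['flags'])}")
    for n in triage(info):
        print("!", n)
```

Point parse_pe at the bytes of a real dump (open(path, "rb").read()) to reproduce the Headers block above; for a dumped region the security directory is normally empty anyway, so the unsigned finding on a memory image is expected and says nothing about whether the original dropper was signed.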