General

  • Target

    1524-4-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    d21d3d1cfac3c2c3cb5aa855e0575ddd

  • SHA1

    28a77045d182b7a55224b00cfc0c2ce2caaa60e6

  • SHA256

    b04c91c8b5c9f383c47898ec419586e9f6239aed49edfcbc3fed5231d3e42c6c

  • SHA512

    3a5bc07830a24568495157a538f502bb8826337bac43a59db09d73bf64ef61742cba66ea505b55c552d4ceba4ffbe439da20c00f6d399bd125d3f2ed40bf030e

  • SSDEEP

    768:OSisJmceOoOD7vcgspLfFpyT7QHbtm+nkyqnN+8N8:osJmfOlD7kXprj4QHbtjkH4U8

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

dns.requimacofradian.site

Mutex

Xeno_rat_nd8828g

Attributes
  • delay

    60000

  • install_path

    appdata

  • port

    1253

  • startup_name

    dic

Signatures

  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1524-4-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections