General
-
Target
1524-4-0x0000000000400000-0x0000000000412000-memory.dmp
-
Size
72KB
-
MD5
d21d3d1cfac3c2c3cb5aa855e0575ddd
-
SHA1
28a77045d182b7a55224b00cfc0c2ce2caaa60e6
-
SHA256
b04c91c8b5c9f383c47898ec419586e9f6239aed49edfcbc3fed5231d3e42c6c
-
SHA512
3a5bc07830a24568495157a538f502bb8826337bac43a59db09d73bf64ef61742cba66ea505b55c552d4ceba4ffbe439da20c00f6d399bd125d3f2ed40bf030e
-
SSDEEP
768:OSisJmceOoOD7vcgspLfFpyT7QHbtm+nkyqnN+8N8:osJmfOlD7kXprj4QHbtjkH4U8
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
dns.requimacofradian.site
Mutex
Xeno_rat_nd8828g
Attributes
-
delay
60000
-
install_path
appdata
-
port
1253
-
startup_name
dic
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1524-4-0x0000000000400000-0x0000000000412000-memory.dmp
Headers
Sections