General
-
Target
valochesse.exe
-
Size
45KB
-
Sample
240515-tkpx9shb66
-
MD5
804fd6f013a48648f5d2232bca5bdb22
-
SHA1
b2e90724822c99e3b761e79990af49e824e2b76a
-
SHA256
e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71
-
SHA512
86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025
-
SSDEEP
768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl
Malware Config
Extracted
xenorat
2.tcp.eu.ngrok.io
xeno-rat
-
delay
100
-
install_path
appdata
-
port
19034
-
startup_name
tapware
Targets
-
-
Target
valochesse.exe
-
Size
45KB
-
MD5
804fd6f013a48648f5d2232bca5bdb22
-
SHA1
b2e90724822c99e3b761e79990af49e824e2b76a
-
SHA256
e29b6f39017aebfd1768cd55ca32c93247e95c17cea77fb3ee68368d89aecf71
-
SHA512
86c1d6e032ccee7d8076430f44fe20ba773c064e57d1b3cd07096438989b68c8814be3f375a450202f7eca949d441474e91ccddbb37e17e690e22aac7353c025
-
SSDEEP
768:gdhO/poiiUcjlJInqbqmH9Xqk5nWEZ5SbTDa60WI7CPW59:Sw+jjgnIH9XqcnW85SbTx0WIl
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-