General

  • Target

    22dd434667213ce290e7b9b344d2c7a0_NeikiAnalytics.exe

  • Size

    242KB

  • Sample

    240516-ymvnradf61

  • MD5

    22dd434667213ce290e7b9b344d2c7a0

  • SHA1

    7e7742a0b071b0ad2099d2d298b23507f3aa726e

  • SHA256

    9b3699e932902bfe4264a68dad0ae5f718fa3672b659417c2f215e649a9c4d6c

  • SHA512

    c76e9dcfe723d4321f61e22cfa0c9fb0b5784fd6133dcbb08668d8e330fa0a605cfc9ced1471337ec7738a5668e9a196c3fbcf1114bd945a7f857247e9c8a9d6

  • SSDEEP

    6144:ubsslFB5Qz9DDATZwXUL2ATMHcTjVm/TCo9qBxPD85hT4HVz4m1I:ubsy8DDAFePHcIIxPD85hT4HVz4mu

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

dns.dobiamfollollc.online

Mutex

Solid_rat_nd8888g

Attributes
  • delay

    61000

  • install_path

    appdata

  • port

    1283

  • startup_name

    cns

Targets

    • Target

      22dd434667213ce290e7b9b344d2c7a0_NeikiAnalytics.exe

    • Size

      242KB

    • MD5

      22dd434667213ce290e7b9b344d2c7a0

    • SHA1

      7e7742a0b071b0ad2099d2d298b23507f3aa726e

    • SHA256

      9b3699e932902bfe4264a68dad0ae5f718fa3672b659417c2f215e649a9c4d6c

    • SHA512

      c76e9dcfe723d4321f61e22cfa0c9fb0b5784fd6133dcbb08668d8e330fa0a605cfc9ced1471337ec7738a5668e9a196c3fbcf1114bd945a7f857247e9c8a9d6

    • SSDEEP

      6144:ubsslFB5Qz9DDATZwXUL2ATMHcTjVm/TCo9qBxPD85hT4HVz4m1I:ubsy8DDAFePHcIIxPD85hT4HVz4mu

    Score
    10/10
    • Detects XenoRAT malware

      XenoRAT is an open-source remote access tool (RAT) developed in C#.

    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks