General

  • Target

    skididbop.exe

  • Size

    45KB

  • Sample

    240523-x4n2vsdc59

  • MD5

    3c8c937572ec914fcec514388198512c

  • SHA1

    45b51ee6aa6eaa491dde2e536ccfeb93f13519a4

  • SHA256

    dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328

  • SHA512

    0303eb186bf0b388b23a359992386da1b4f65988655590717bc37ac6860a2529eae575ee0d03245b94c1e6c68cea5731ce46dfe2f373bb856cb43a874edbf6e6

  • SSDEEP

    768:6dhO/poiiUcjlJInVFH9Xqk5nWEZ5SbTDa/WI7CPW5N:cw+jjgnrH9XqcnW85SbTWWIF

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

45.88.186.12

Mutex

2

Attributes
  • install_path

    appdata

  • port

    5050

  • startup_name

    svchost

Targets

    • Target

      skididbop.exe

    • Size

      45KB

    • MD5

      3c8c937572ec914fcec514388198512c

    • SHA1

      45b51ee6aa6eaa491dde2e536ccfeb93f13519a4

    • SHA256

      dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328

    • SHA512

      0303eb186bf0b388b23a359992386da1b4f65988655590717bc37ac6860a2529eae575ee0d03245b94c1e6c68cea5731ce46dfe2f373bb856cb43a874edbf6e6

    • SSDEEP

      768:6dhO/poiiUcjlJInVFH9Xqk5nWEZ5SbTDa/WI7CPW5N:cw+jjgnrH9XqcnW85SbTWWIF

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks