Behavioral task: behavioral1
Sample: skididbop.exe
Resource: win7-20240419-en
General
Target: skididbop.exe
Size: 45KB
MD5: 3c8c937572ec914fcec514388198512c
SHA1: 45b51ee6aa6eaa491dde2e536ccfeb93f13519a4
SHA256: dd4b30cd3c1ed3b6ff0952f5aa9e14a334a4bd11a09cdc7ab37aa45cfd739328
SHA512: 0303eb186bf0b388b23a359992386da1b4f65988655590717bc37ac6860a2529eae575ee0d03245b94c1e6c68cea5731ce46dfe2f373bb856cb43a874edbf6e6
SSDEEP: 768:6dhO/poiiUcjlJInVFH9Xqk5nWEZ5SbTDa/WI7CPW5N:cw+jjgnrH9XqcnW85SbTWWIF
Malware Config
Extracted
xenorat
45.88.186.12
2
install_path: appdata
port: 5050
startup_name: svchost
Signatures
Xenorat family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource skididbop.exe
Files
skididbop.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ