General
-
Target
sa.exe
-
Size
310KB
-
Sample
240526-qaesrsfg28
-
MD5
64a3cb4713a64a85a07a28878c50fb55
-
SHA1
5a8fdb5b2e5338db3b2b81949b30ca0edc483d4e
-
SHA256
8ff9cd217cac6f44e24e5de2049f4289d05286dfbf32566b70c0744dbdd6d381
-
SHA512
46aa9ba21ed7afb453ea474731f7fbe8b68848b97887746d95a8df2eb4dcd469febc6e566c099cc18b080added707964c771479c5c6130ef404e5d13ce72bc0a
-
SSDEEP
6144:aW+91UbIeC+5r6PmRIoS5P7xVEDc7SuDSSwb:a7eCB9V5b
Behavioral task
behavioral1
Sample
sa.exe
Resource
win7-20240508-en
Malware Config
Extracted
xenorat
192.168.56.1
Growtopia_4232
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
growtopia
Targets
-
-
Target
sa.exe
-
Size
310KB
-
MD5
64a3cb4713a64a85a07a28878c50fb55
-
SHA1
5a8fdb5b2e5338db3b2b81949b30ca0edc483d4e
-
SHA256
8ff9cd217cac6f44e24e5de2049f4289d05286dfbf32566b70c0744dbdd6d381
-
SHA512
46aa9ba21ed7afb453ea474731f7fbe8b68848b97887746d95a8df2eb4dcd469febc6e566c099cc18b080added707964c771479c5c6130ef404e5d13ce72bc0a
-
SSDEEP
6144:aW+91UbIeC+5r6PmRIoS5P7xVEDc7SuDSSwb:a7eCB9V5b
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-