xenorat | testingrat[.]exe | Triage

Resubmissions

30-05-2024 23:55

240530-3yt9ksga57 10

30-05-2024 23:53

240530-3xms4sga24 10

Sharing

General

Target

testingrat.exe
Size

45KB
MD5

7bf7d5fb2ed513c687cd676fe53f5ee9
SHA1

e9251ef1dd3ebe4f17acf0b3552e22751009c8c1
SHA256

afe1cd83d722daa13601c0de896cec93dbae4f9ce4ad78ca3b845060101f0101
SHA512

4c189aee06185359827432b021e8850b1bfbc78da932c4b259b665de7a1b293e0ee281627750bcce7e4fb2ccd8b2b8c0f89a7d68b77e27e7e52832a887f0f447
SSDEEP

768:ldhO/poiiUcjlJInVqH9Xqk5nWEZ5SbTDamWI7CPW5K:7w+jjgn8H9XqcnW85SbTvWIi

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

related-directed.gl.at.ply.gg

Mutex

TestingRat

Attributes

install_path
appdata
port
3403
startup_name
Console

Signatures

Xenorat family
xenorat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

testingrat.exe

Files

testingrat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ