General
Target: WavePreTest.exe
Size: 250KB
Sample: 240530-dp961adc99
MD5: 5e5f3675c35d20f0f178656ef3050610
SHA1: 1c3b806ecf7b9b26dd1c1a1ccead6cab4acb86e5
SHA256: f0f5b2b8f43bfec5114b21a4abfeb0f225cb8e5b55ed276b43583caaab7c70e3
SHA512: 802a3cd68693bbfc86e69f20d734d7ee57188a5649715822da5d463496916b1789aef05315738493efe8160d9c1e8bb9b982f548a13ae841d314e920aac22779
SSDEEP: 3072:xw+jqc91UbTrp8T8JXuw55R20bXnxNHGLQSYUjkjYiN7q1M3C0x:+W191Ub58T8JXuBWnxN0kjjdC0
Malware Config
Extracted
xenorat
david-login.gl.at.ply.gg
Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 54479
startup_name: nothingset
Targets
Executes dropped EXE
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-