General
-
Target
incognito-beta.exe
-
Size
45KB
-
Sample
240530-xbwk8shc83
-
MD5
3110b35fe4c0b011bda32853cf6ea8e5
-
SHA1
99e01bbec76e7b17fce3a9992bf59453aa5f1344
-
SHA256
a99db0013ba923fc71f497d838ecc385d19aad27a51a079895d879f59b22a4ad
-
SHA512
1b804db6a4c0ef1a5726fb05767f62bbe19dcb06c9072e024a457e2aa2cb080cbd815e4018878bd402e2a190d3f567946cdf35b5eede1af431fb11d7dc2e46f4
-
SSDEEP
768:SdhO/poiiUcjlJInrlH9Xqk5nWEZ5SbTDaBWI7CPW5h:0w+jjgnJH9XqcnW85SbTgWI5
Behavioral task
behavioral1
Sample
incognito-beta.exe
Resource
win7-20240419-en
Malware Config
Extracted
xenorat
127.0.0.1
Xeno_rat_nd8912d
-
delay
5000
-
install_path
appdata
-
port
3243
-
startup_name
nothingset
Targets
-
-
Target
incognito-beta.exe
-
Size
45KB
-
MD5
3110b35fe4c0b011bda32853cf6ea8e5
-
SHA1
99e01bbec76e7b17fce3a9992bf59453aa5f1344
-
SHA256
a99db0013ba923fc71f497d838ecc385d19aad27a51a079895d879f59b22a4ad
-
SHA512
1b804db6a4c0ef1a5726fb05767f62bbe19dcb06c9072e024a457e2aa2cb080cbd815e4018878bd402e2a190d3f567946cdf35b5eede1af431fb11d7dc2e46f4
-
SSDEEP
768:SdhO/poiiUcjlJInrlH9Xqk5nWEZ5SbTDaBWI7CPW5h:0w+jjgnJH9XqcnW85SbTgWI5
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-