General
Target: acb620ecc1205abaff13777bd804a1f921a420c0c4765f1c6682c927f1b66f6e.exe
Size: 243KB
Sample: 240601-b5xvhadd8t
MD5: 46d15e0b7105b6a1e499843065583960
SHA1: 71119b1d895f728026a27d6d7db519f6d0044baa
SHA256: acb620ecc1205abaff13777bd804a1f921a420c0c4765f1c6682c927f1b66f6e
SHA512: ec546e0ed7cad0ac2f518e64041da796a386f3ae368ab1abd49642827b7e1ebda06afa8ca90fbc660e752fa051edf6215958c7bb4d09237a6c1e6c694acaca73
SSDEEP: 6144:GmwnFVsgsyGD260LgawLAXAp+BwNwMCIltSnR33woUuscXpaozHe0n3lJI:GmwnFVsgsyGD2RscYnwMhtCHrpaozHeF
Static task: static1
Behavioral task: behavioral1
Sample: acb620ecc1205abaff13777bd804a1f921a420c0c4765f1c6682c927f1b66f6e.exe
Resource: win7-20240221-en
Malware Config
Extracted: xenorat
dns.dobiamfollollc.online
Jolid_rat_nd8889g
delay: 61000
install_path: appdata
port: 1284
startup_name: hns
Targets
Target: acb620ecc1205abaff13777bd804a1f921a420c0c4765f1c6682c927f1b66f6e.exe
Size: 243KB
MD5: 46d15e0b7105b6a1e499843065583960
SHA1: 71119b1d895f728026a27d6d7db519f6d0044baa
SHA256: acb620ecc1205abaff13777bd804a1f921a420c0c4765f1c6682c927f1b66f6e
SHA512: ec546e0ed7cad0ac2f518e64041da796a386f3ae368ab1abd49642827b7e1ebda06afa8ca90fbc660e752fa051edf6215958c7bb4d09237a6c1e6c694acaca73
SSDEEP: 6144:GmwnFVsgsyGD260LgawLAXAp+BwNwMCIltSnR33woUuscXpaozHe0n3lJI:GmwnFVsgsyGD2RscYnwMhtCHrpaozHeF
- Detects executables packed with ConfuserEx Mod
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext