General
- Target: 231733d95aea19422658b004868f2634ff992714a533839e4c8cb94859ab619c.exe
- Size: 242KB
- Sample: 240601-bgvp8scc2s
- MD5: b5221ebcf592f06fa5916e035330d0f1
- SHA1: 97280f900cccbc2ca7662d77029c42cab0514073
- SHA256: 231733d95aea19422658b004868f2634ff992714a533839e4c8cb94859ab619c
- SHA512: 1767eec0e4973f279a4d8d5fef31cca4567f484039c685631ea70858f84671524a040e6b3e229572b1425544516b1d135164383d98b6b6077225145916cc6a9e
- SSDEEP: 6144:ncuU50otq3N4hlZG7ZpWO/2/puk/z26e97l1fsHH44I:ncugONsTYZp328kL26e97l1fsHH4l
Static task: static1
Behavioral task: behavioral1
- Sample: 231733d95aea19422658b004868f2634ff992714a533839e4c8cb94859ab619c.exe
- Resource: win7-20231129-en
Malware Config
Extracted
- xenorat
- dns.dobiamfollollc.online
- Jolid_rat_nd8889g
- delay: 61000
- install_path: appdata
- port: 1284
- startup_name: hns
Targets
- Target: 231733d95aea19422658b004868f2634ff992714a533839e4c8cb94859ab619c.exe
- Detects executables packed with ConfuserEx Mod
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext