General
-
Target
incognitobeta.exe
-
Size
45KB
-
Sample
240602-kq2dtahb64
-
MD5
e9fc233c0a49d897c3d5d86350986f19
-
SHA1
fa122e95d3b34518aff46efac9e7f56926b64e40
-
SHA256
b9e61bef0d3bbe426ef78c71f18141967f2622d048fe0f24ccb80cdef75bb27f
-
SHA512
de06a67f60959efb9bd89066b81e3ad788b1b49ae10ac19269914470fa7605bea95e3f98e348d2df67baf0efe310b6c2333c29e1d0ca2e6071db185aafecebd4
-
SSDEEP
768:hdhO/poiiUcjlJIn8tUH9Xqk5nWEZ5SbTDaaWI7CPW5Z:fw+jjgn6UH9XqcnW85SbTjWIh
Behavioral task
behavioral1
Sample
incognitobeta.exe
Resource
win7-20240221-en
Malware Config
Extracted
xenorat
127.0.0.1
incognito
-
delay
5000
-
install_path
temp
-
port
4444
-
startup_name
USBsupervisor
Targets
-
-
Target
incognitobeta.exe
-
Size
45KB
-
MD5
e9fc233c0a49d897c3d5d86350986f19
-
SHA1
fa122e95d3b34518aff46efac9e7f56926b64e40
-
SHA256
b9e61bef0d3bbe426ef78c71f18141967f2622d048fe0f24ccb80cdef75bb27f
-
SHA512
de06a67f60959efb9bd89066b81e3ad788b1b49ae10ac19269914470fa7605bea95e3f98e348d2df67baf0efe310b6c2333c29e1d0ca2e6071db185aafecebd4
-
SSDEEP
768:hdhO/poiiUcjlJIn8tUH9Xqk5nWEZ5SbTDaaWI7CPW5Z:fw+jjgn6UH9XqcnW85SbTjWIh
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-