xenorat | incognitobeta[.]exe | Triage

Resubmissions

08-06-2024 04:31

240608-e5hmcshh95 10

02-06-2024 08:52

240602-ks7zdahc33 10

Sharing

General

Target

incognitobeta.exe
Size

45KB
MD5

e9fc233c0a49d897c3d5d86350986f19
SHA1

fa122e95d3b34518aff46efac9e7f56926b64e40
SHA256

b9e61bef0d3bbe426ef78c71f18141967f2622d048fe0f24ccb80cdef75bb27f
SHA512

de06a67f60959efb9bd89066b81e3ad788b1b49ae10ac19269914470fa7605bea95e3f98e348d2df67baf0efe310b6c2333c29e1d0ca2e6071db185aafecebd4
SSDEEP

768:hdhO/poiiUcjlJIn8tUH9Xqk5nWEZ5SbTDaaWI7CPW5Z:fw+jjgn6UH9XqcnW85SbTjWIh

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

incognito

Attributes

delay
5000
install_path
temp
port
4444
startup_name
USBsupervisor

Signatures

Xenorat family
xenorat
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

incognitobeta.exe

Files

incognitobeta.exe
.exe windows:4 windows x86 arch:x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ