General
-
Target
cfc72b24ecdc6d7ef3364324f33c0701ec116c86c3b7b4af2f32d309a218f7cf.exe
-
Size
243KB
-
Sample
240606-l83j9scg7w
-
MD5
b101dee2fdf011dfcdf4e3e55038ae75
-
SHA1
fe8ae6b6e0f3ae4123d0cc564a23bf80d3109a92
-
SHA256
cfc72b24ecdc6d7ef3364324f33c0701ec116c86c3b7b4af2f32d309a218f7cf
-
SHA512
3cb6b2ba2a8ac22b4b832c340d495343dbd39bb70c5be4ca66b8340debd60f3a374a72da4e89b73f86f7d8d1d527fdbaf27bcb9a3418868e8230604fef98477f
-
SSDEEP
6144:Mg8trm+0369KcYpX38LHoFq1ZO8CzYL3qC2WuI:T8trm+CEslGHZ108CzYL3qC2WT
Static task
static1
Behavioral task
behavioral1
Sample
cfc72b24ecdc6d7ef3364324f33c0701ec116c86c3b7b4af2f32d309a218f7cf.exe
Resource
win7-20240215-en
Malware Config
Extracted
xenorat
dns.dobiamfollollc.online
Solid_rat_nd8889g
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
bns
Targets
-
-
Target
cfc72b24ecdc6d7ef3364324f33c0701ec116c86c3b7b4af2f32d309a218f7cf.exe
-
Size
243KB
-
MD5
b101dee2fdf011dfcdf4e3e55038ae75
-
SHA1
fe8ae6b6e0f3ae4123d0cc564a23bf80d3109a92
-
SHA256
cfc72b24ecdc6d7ef3364324f33c0701ec116c86c3b7b4af2f32d309a218f7cf
-
SHA512
3cb6b2ba2a8ac22b4b832c340d495343dbd39bb70c5be4ca66b8340debd60f3a374a72da4e89b73f86f7d8d1d527fdbaf27bcb9a3418868e8230604fef98477f
-
SSDEEP
6144:Mg8trm+0369KcYpX38LHoFq1ZO8CzYL3qC2WuI:T8trm+CEslGHZ108CzYL3qC2WT
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-