General
Target: 0-3.eml
Size: 248KB
Sample: 240606-qj6mvafe93
MD5: 2b8c502ee0546972ad12e4b9f0060ae8
SHA1: bff9687dc664085f2f1bf4f4dfec3601d2921af8
SHA256: b0133c97a9a0544fa87b9dede635be6a34c6352e3ab359a282702a782184571e
SHA512: 43d39b330540c5044171c5af34e1b95a445ad393f7bbc09adfa30c2db287327f4dd0c95f6abf7a4fed2ba36b7088cff3fdb0b6c48fc268f70e0c2e7b8ca19586
SSDEEP: 6144:hmLcuzkCaAhWsssHhnOJh2uxYyZRPgejc:ALTzkCthWRKO7PxYcgn
Static task
static1
Malware Config
Extracted: xenorat
91.92.248.167
Rolid_rat_nd8889g
delay: 60000
install_path: appdata
port: 1278
startup_name: mns
Targets
Target: Pago652024.exe
Size: 222KB
MD5: 8a522f9786f61b5bd677d7a8ed6bd1aa
SHA1: 06fdb9d40c9b6448fd8c1a47595eb3e8b3e9ed29
SHA256: e4d55c94e2904333166dc800a24bb13f97f8ceaf8815bbc133f3ac40dd4211f2
SHA512: e79c2be732536b4db756280d889b2021b31396ec669368796d507d7238be27984239d367bf22d9d1dea615b85b5b5b96677a08a383e28272a432988e537deabd
SSDEEP: 6144:0kE+cZHhNRHvo14E92D08KHKIpRfvv0upeG2wxywW0pS/i1SbUI:0kpcZB/PoODOEuYG2wxywW0pS/i1SbB

Signatures:
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext