General
-
Target
b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008.exe
-
Size
244KB
-
Sample
240607-c32lcahd35
-
MD5
7f9e14483d7849bf60819d8898e8ee58
-
SHA1
35f0869454078cda5fc8ec447808c91faa5e2b13
-
SHA256
b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008
-
SHA512
9fe6db997c7134aac7c83f92f8278ef359a56dec4dbddaaef23b2138b6a9b551a647772b020c2ed01d72df7888c0fa7a6583e5e4e2d90fa4bbd3a9a5d150305f
-
SSDEEP
6144:xWMPLGzI/4Nw04UNIFs/bmKwlMvxG++0RKsOTG0L8I:xWMPKIjtFEZwIRKsOTG0LZ
Malware Config
Extracted
xenorat
dns.dobiamfollollc.online
Solid_rat_nd8889g
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
bns
Targets
-
-
Target
b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008.exe
-
Size
244KB
-
MD5
7f9e14483d7849bf60819d8898e8ee58
-
SHA1
35f0869454078cda5fc8ec447808c91faa5e2b13
-
SHA256
b2761c56fae2f7a539afb079f5cc412c2d5e881f8fc6d59532d3fbf8e2562008
-
SHA512
9fe6db997c7134aac7c83f92f8278ef359a56dec4dbddaaef23b2138b6a9b551a647772b020c2ed01d72df7888c0fa7a6583e5e4e2d90fa4bbd3a9a5d150305f
-
SSDEEP
6144:xWMPLGzI/4Nw04UNIFs/bmKwlMvxG++0RKsOTG0L8I:xWMPKIjtFEZwIRKsOTG0LZ
Score10/10-
XenorRat
XenorRat is a remote access trojan written in C#.
-
Detects executables packed with ConfuserEx Mod
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-