xenorat | pics[.]exe | Triage

Sharing

General

Target

pics.exe
Size

45KB
MD5

a02107a30c960620ce21bd2030442feb
SHA1

51ff3d68754c8b39479649691d5fcc1179fa07b6
SHA256

3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
SHA512

ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299
SSDEEP

768:9dhO/poiiUcjlJInpylF2I8H9Xqk5nWEZ5SbTDaauI7CPW57:zw+jjgnAlF2I8H9XqcnW85SbTXuIj

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

91.92.245.171

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
5764
startup_name
Chrome

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pics.exe

Files

pics.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ