General
-
Target
0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
-
Size
235KB
-
Sample
240702-zvjf5aygmh
-
MD5
ed7a378f46c2128849abc102e8b03df9
-
SHA1
b2f934a5a8689b758904152c46b914e33557e963
-
SHA256
0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e
-
SHA512
d764bfa2b38d7d2fb1e41693e56aea0052512cb30082994e58bba38e588b7325553a5e4a1bf4809bfa0f80d1632398eb18d83434fde3dd4951ed0f798cff4b6b
-
SSDEEP
6144:JxEtjPOtioVjDGUU1qfDlavx+W2QnA2X5EW2ZKuF1Yt/8XyXhOdd6K05WM5nwQS5:0XR2ZKeWkXyXhgdL0E2SER9A2c
Behavioral task
behavioral1
Sample
0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e.xls
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
0f25b2dba81f1a344f613a7aedecd247980324529fa1d7f2a1d2937f1fa0627e.xls
Resource
win10v2004-20240611-en
Malware Config
Extracted
xenorat
91.92.248.167
Wolid_rat_nd8859g
-
delay
60000
-
install_path
appdata
-
port
1280
-
startup_name
cms
Targets
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext