General
-
Target
477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
-
Size
240KB
-
Sample
240704-nstnjaydlg
-
MD5
b41d067615ca60ffe4253297866d79be
-
SHA1
1aab2b69eb9f918d1e0a23a82a98411709ee2fdb
-
SHA256
477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
-
SHA512
7c5b98c2e3fbdafc0949ca9d32b9c41be044f3b99052e1119472d1999442114ed60d5949929e7b14aa028c77c7adc638ee0507362ab848af7cb4612c9313e29e
-
SSDEEP
6144:oGB7vPW1gnEHLltCX754KLHrdoBiEd0nJ1iaJC4E2Hjyq3RVlA44I:oOOCnEHXY7ZzreHin7iaJC4E2Hjyq3Rj
Static task
static1
Behavioral task
behavioral1
Sample
477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c.exe
Resource
win7-20240221-en
Malware Config
Extracted
xenorat
91.92.248.167
Dolid_rat_nd8859g
-
delay
60000
-
install_path
appdata
-
port
1280
-
startup_name
dms
Targets
-
-
Target
477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
-
Size
240KB
-
MD5
b41d067615ca60ffe4253297866d79be
-
SHA1
1aab2b69eb9f918d1e0a23a82a98411709ee2fdb
-
SHA256
477ca1add0f03886c3bb29c4f03ffd2aa4d5c2a0fb3346fe46890c25347a8d7c
-
SHA512
7c5b98c2e3fbdafc0949ca9d32b9c41be044f3b99052e1119472d1999442114ed60d5949929e7b14aa028c77c7adc638ee0507362ab848af7cb4612c9313e29e
-
SSDEEP
6144:oGB7vPW1gnEHLltCX754KLHrdoBiEd0nJ1iaJC4E2Hjyq3RVlA44I:oOOCnEHXY7ZzreHin7iaJC4E2Hjyq3Rj
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-