xenorat | a2e63c25a58536a0d1b34464e70cd41ed0a3668455392bbc054059ebbfc0c3e2

Sharing

Copy URL

Twitter E-mail

General

Target

WavePreTest.rar
Size

12.5MB
Sample

240704-v4a4wssema
MD5

3f98294b56da0766918d2195c89db160
SHA1

5e7138c7ee8a1de9d041804fd11ac0ba63cb1f34
SHA256

a2e63c25a58536a0d1b34464e70cd41ed0a3668455392bbc054059ebbfc0c3e2
SHA512

ca73a296d15a07c9f469e429b4f859654ddb90b8cd9cdb43557515672fef08ef28c04d903d82c60cd536cdc233de2d41716b9de6084ec298fb7fe8514aa6b6cc
SSDEEP

196608:EbPTrrjjmoFkNMDHy0xr6/m2SYnCmaWjn+UPSA46Ug8Hj+alt8xaxv7F:EbPTrrGjMjomjIayn+U6A4638HaZx+zF

Score

10^/10

Malware Config

Extracted

Family

xenorat

david-login.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
54479
startup_name
nothingset

Targets

- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Microsoft.Web.WebView2.Core.dll
- Size
  
  488KB
- MD5
  
  851fee9a41856b588847cf8272645f58
- SHA1
  
  ee185a1ff257c86eb19d30a191bf0695d5ac72a1
- SHA256
  
  5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
- SHA512
  
  cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
- SSDEEP
  
  12288:W/TcW1virB3ye+iKzORFNgeA+imQ9pRFZNIEJdIElxPrEIgcvLcglxMwCepM1STy:W/1C4I
Score

1^/10
behavioral1 behavioral2
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  4cf94ffa50fd9bdc0bb93cceaede0629
- SHA1
  
  3e30eca720f4c2a708ec53fd7f1ba9e778b4f95f
- SHA256
  
  50b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6
- SHA512
  
  dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98
- SSDEEP
  
  768:SNGbP6+wTftcZDgcEST3p4Jjrjh2jJFSUyauYv1JKia5/Zi/WGQKVu6bRaMBo0wx:OGm+otcZDgcEST3p4JjrjaJFSUyau01U
Score

1^/10
behavioral3 behavioral4
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  43KB
- MD5
  
  34ec990ed346ec6a4f14841b12280c20
- SHA1
  
  6587164274a1ae7f47bdb9d71d066b83241576f0
- SHA256
  
  1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
- SHA512
  
  b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
- SSDEEP
  
  768:1n/WlAKj4s0TV09797+nXDheteXBxc78OSW3Z8lcDP/ryEH0UBy4JjrD1h2j5h3E:1+msYXR3sZ8lcDP/ryEH0UBy4JjrD1aU
Score

1^/10
behavioral5 behavioral6
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fgd.html
- Size
  
  18KB
- MD5
  
  a1416c1fe209f7687ff79ab44301b3d3
- SHA1
  
  3ba3ff0027a98128edad78f5561cef53c4236791
- SHA256
  
  a6897302dba619dd3c156d57fc4b706662bff4df582975c33478b7878b060d2c
- SHA512
  
  ce8a9aaf7ba903dfb25df53e04addfedae7ee4fcd07dffd42abf3f275a75b14cb26bb64c9320fd425003c73618b2967bb7be2cfb849050d50dd5308e69842f79
- SSDEEP
  
  384:fihTARA5Lmwl1qPeVvW4NVtabVBJjVBd+TI6noaQLR7:fihTjoy+StabVBJ/kkgoaQLR7
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/index.js
- Size
  
  4KB
- MD5
  
  36076c2f9ed15bf717b1c25ac393cd1f
- SHA1
  
  33fdfa81edda4e15e508de82b961cf7a7a61ec09
- SHA256
  
  4d5fec3e097af1243af2c83a8e30345177f32742c730d88ef9b12999c0cf66d0
- SHA512
  
  2805ef0815ba159bd1f6c8e5c93281ba1c3f10ead8b3f274f6bf165fae87b628ab40079d78c6c4cd103bcee5d177ce7b24da39e1b9775d5f62e2bf10e38e1f04
- SSDEEP
  
  96:gFEuLu1uPwXg2CxYAvh7yfWX+DWFq8iT9:4EMe3CxXyfWmWy
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/.bin/mime
- Size
  
  371B
- MD5
  
  7ab5bfff58b0a878a4614cddbe424702
- SHA1
  
  e75ad406ef2f9fcb1a9bde44ba669f416c824c4f
- SHA256
  
  394b93eaaac25f18a20d7cdd80920ecca1fe43c8e5b37501389e644944c6e01f
- SHA512
  
  36f59fb7f2a1f985210ce39fb90e6e7998e4ba8030f172496eda22a12c66b58c651211d0f682c2b0ec58a6e1ae19d59380d1fe0c6849f15fcf381df60123aaeb
Score

4^/10

antivm
behavioral11 behavioral12 behavioral13 behavioral14
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/.bin/mime.cmd
- Size
  
  316B
- MD5
  
  2872347ac99221152281bfd56705d437
- SHA1
  
  83fa66cd05f64de1ef7f3010344a0f7babe54819
- SHA256
  
  cd5ca2f059e780c0a4b1aa9cdd6edc7dc10413d30bf51ad537adbd428e5e7a16
- SHA512
  
  3c0b9e12bc1ff8f2bbaa5301d8db78a5c3636dd93f5755728e5b255c4250c0ea9e3c53a545011087b9c2536b1c1676ff01f7eff3015e6e99f2e12c9f15386fe5
Score

1^/10
behavioral15 behavioral16
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/.bin/mime.ps1
- Size
  
  769B
- MD5
  
  bef04abf08e89532a476c3e474b5f509
- SHA1
  
  bb81073d8e07c483ee29121358871535973336e7
- SHA256
  
  a43d8b7d57dbbb21f2f98c331970d011177fa1c6be327aa0dbb84c1ad01e9201
- SHA512
  
  e20f86c40ce523477da136cb4aa3f29683dee567a31ebfad666666192417f49568e848cb8844e8dcd32d5501fb7176d47aca54c195324e6d41e73093699788b1
Score

1^/10
behavioral17 behavioral18 behavioral19 behavioral20
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/accepts/README.md
- Size
  
  4KB
- MD5
  
  873e624d40d23cf9b54f9d2f74d2c8d1
- SHA1
  
  3a884510d2eeed73a4cd5ae0947a6c72cd3c7426
- SHA256
  
  c25a1071e5aa1b1b43e10f083e8d97c3dbf1f7700cfa38b5cbc40725662e1ae0
- SHA512
  
  a929edeb59edc6f1ef4f7554ddfd0b1b54aa097d4fdf69c5ec25b14c3c722a034d159daf3ad38508efc775fdf8c246507d53021e4ad79f0708c5df94b311a864
- SSDEEP
  
  48:ZdC9AIvI6RZK0nwuBGWxGWwsNdXMoNjP601Wrk0aN8F07DaN89JC7aN8fBfuRhpL:/CnQl0JZ15jue/9IQxokXjwiA0
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/accepts/index.js
- Size
  
  5KB
- MD5
  
  4fe4d2c90a2fd19d6e97443a7d24f815
- SHA1
  
  282263f45f6bf80fbf43f4097d53b5b60ff1a05f
- SHA256
  
  be2decbd50610e8f995c1e312ee4dd6d7c1244cfdf03ee4c4a3da68e572dada1
- SHA512
  
  c795b7285cc92616a46fd1ad2d00ce65fb4b269e6b6fc35315891d119b7c25b7f4573540be0627d577123201d9cfe119c8a53f0e75a8b6ea870f8d89a130c213
- SSDEEP
  
  96:oYG1MGmGHqyl8rAyBkmqFxo+uerpDWMlB8fdOGUJTit4UG9bCZhPwA:oYG1Xlqyl88yBD+uerRLD0YQ4rcZh9
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/array-flatten/README.md
- Size
  
  1KB
- MD5
  
  328fdaf1ee65869341567f4fb6716e02
- SHA1
  
  98efa9e4bd6d6bca4ebb76991a2187a8a496c8b6
- SHA256
  
  071dd896356da12269508f361958ec622e47b27a96d7efdba23b671bc3470416
- SHA512
  
  40378eeeb21474e8be2962853b1d279ab8e167e68ebad08ae4e7932c131da317672852916bcc1000ec43a0163653c45158a9a8be819b4a6479163ac8c5391ca5
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/array-flatten/array-flatten.js
- Size
  
  1KB
- MD5
  
  4b17fa06c54846b686b8b799e9dd253a
- SHA1
  
  fc6cc30e8b8ec09eeba62bac076ed627aa3ee8d1
- SHA256
  
  766ca145b6d25e3d60f352a716e8fa1876bcdf362c0767c360cf24f335bc281e
- SHA512
  
  72df1668f464f6942c484155b667086bb6f83f77e826ffcd146ee045079db3334aba270bffb66cdd796d4c9308121ec2a67a404289f19914c45d9a6c15435e71
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/body-parser/README.md
- Size
  
  17KB
- MD5
  
  3152126cd7d54ede5697046e69a7e589
- SHA1
  
  3c8820c682cc2e043465d9aafbe1e182571e941f
- SHA256
  
  1a8c31593d425887df10e400a765d3f86f3b195b4efdccd44ff4aa542c03380b
- SHA512
  
  73b3c1fa28e96f744e7e6a58a13d6c5b31646cf06fe47895c226ed61198c5c2bcd4a2dc0c4447de54ea15d5d56d7e330ad1335b3659598cc576a88e791c16358
- SSDEEP
  
  192:eBmKv7ygazeyidkShRvtlgem3x1A6H9wSu9kYPaDpIQVf3X/R0yV2aaX2JC/vuZA:xKFO4d/63TA6H9i9bSDKqvXpqmC
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  WavePreTest/WavePreTest/Wave.Dir/Monaco/fileaccess/node_modules/body-parser/index.js
- Size
  
  2KB
- MD5
  
  b9e991c0e57c4d5adde68a2f4f063bc7
- SHA1
  
  0cb6b9eb7b310c37e5950bbcaf672943657c94b5
- SHA256
  
  9c6c900e7e85fb599c62d9b9e4dfd2ea2f61d119dce5ed69ac3a8da828819241
- SHA512
  
  3bbd31eed55c32435b01fe7356d39749e95f8f49222115ada841e751ad36227e6f427efdc4e8bad36d8ccd37c2e92c01fa67c24c23f52023df8c1e1be1a3b4f6
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32