General

Target: 697098bd0a7aed4fa228af96addb4e6635c6ff69c80f729f3f0e82db62fc95ab.exe
Size: 236KB
Sample: 240704-vft7vszbmp
MD5: 5f86d94893b47e542cf857749dfcd185
SHA1: 7816d9af40a9e9265708df00af8137db67d8c7aa
SHA256: 697098bd0a7aed4fa228af96addb4e6635c6ff69c80f729f3f0e82db62fc95ab
SHA512: 8cf9bb6ba985843d57f2a013e40d3243b89e5aa0af07d504e9bcc7a2b577028a9cf24258bab14e256b7cb11f75a9a5993eff920879ab11f24c926bce85fb4c7d
SSDEEP: 6144:wA0gX+3bpKthw8rZg+mr08M0O5wkoYfMJRNeUqNI:wA0gXgpKNknMX57ocMJRNeUq2
Static task: static1
Behavioral task: behavioral1
Sample: 697098bd0a7aed4fa228af96addb4e6635c6ff69c80f729f3f0e82db62fc95ab.exe
Resource: win7-20240220-en
Malware Config

Extracted: xenorat
C2 host (field label not preserved in extraction): 91.92.248.167
Unlabeled string, likely the XenoRAT mutex/ID field (label not preserved): Wolid_rat_nd8859g
delay: 60000 (assumed milliseconds, i.e. a 60 s check-in interval; the unit is not stated in the report)
install_path: appdata
port: 1280
startup_name: cms

Network indicator from this config: outbound TCP to 91.92.248.167:1280. Host indicators: a copy of the sample under the user's AppData directory and a persistence entry named "cms".
Targets

Target: 697098bd0a7aed4fa228af96addb4e6635c6ff69c80f729f3f0e82db62fc95ab.exe
Size: 236KB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above (same file).

Signatures triggered in behavioral1:
- Checks computer location settings: looks up the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), likely a geofence check. A geofenced sample may refuse to run on hosts with an excluded locale, so detonation results depend on the VM's regional settings.
- Executes dropped EXE: a second executable written during the run is launched, consistent with the install_path of appdata in the extracted config.
- Loads dropped DLL
- Suspicious use of SetThreadContext: this API is routinely used for process hollowing and thread-hijack injection. Treat it, together with the dropped EXE, as an injection indicator and capture the target process from memory rather than relying on the on-disk sample alone.
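The extracted config above (C2 host, port, delay, install_path, startup_name) translates directly into hunt checks. The following is an added example written by the editor, not Triage's or XenoRAT's code: it turns the config into three checks and runs them over constructed firewall-log lines and a constructed Run-key export. It assumes the delay is in milliseconds, that install_path "appdata" means the user's Roaming AppData folder, and that startup_name is the name of a Run-key value; none of those mappings is stated in the report.

```python
"""Hunt checks derived from the XenoRAT config in the sandbox report.

Editor's example, not Triage or XenoRAT code. The sample log and registry
dump below are constructed for the demonstration, not captured data.
"""
from __future__ import annotations

from datetime import datetime
from statistics import median

# Values as extracted in the report above.
CONFIG = {
    "c2_host": "91.92.248.167",
    "c2_port": 1280,
    "delay_ms": 60000,          # assumption: milliseconds between check-ins
    "install_path": "appdata",  # assumption: %APPDATA% (Roaming)
    "startup_name": "cms",      # assumption: Run-key value name
}

# Constructed firewall log: "timestamp src dst dport action".
FIREWALL_LOG = """\
2024-07-04T12:00:00Z 10.0.0.5 91.92.248.167 1280 ALLOW
2024-07-04T12:00:30Z 10.0.0.7 203.0.113.9 443 ALLOW
2024-07-04T12:01:01Z 10.0.0.5 91.92.248.167 1280 ALLOW
2024-07-04T12:02:00Z 10.0.0.5 91.92.248.167 1280 ALLOW
2024-07-04T12:02:59Z 10.0.0.5 91.92.248.167 1280 ALLOW
2024-07-04T12:05:00Z 10.0.0.9 91.92.248.167 1280 DENY
"""

# Constructed `reg query ...\Run` style output (paths are made up).
RUN_KEY_DUMP = """\
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    OneDrive    REG_SZ    C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe
    cms    REG_SZ    C:\\Users\\u\\AppData\\Roaming\\cms.exe
    Discord    REG_SZ    C:\\Users\\u\\AppData\\Local\\Discord\\Update.exe
"""


def c2_connections(log: str) -> dict[str, list[datetime]]:
    """Timestamps of each source host's connections (allowed or denied) to the C2 host:port."""
    hits: dict[str, list[datetime]] = {}
    for line in log.splitlines():
        ts, src, dst, dport, _action = line.split()
        if dst == CONFIG["c2_host"] and int(dport) == CONFIG["c2_port"]:
            hits.setdefault(src, []).append(
                datetime.fromisoformat(ts.replace("Z", "+00:00")))
    return hits


def beaconing_hosts(log: str, tolerance: float = 0.15) -> list[str]:
    """Hosts whose C2 contact cadence matches the configured delay within +/- tolerance.

    The median gap is used so a single missed or delayed beacon does not hide the pattern.
    """
    expected_s = CONFIG["delay_ms"] / 1000
    found = []
    for src, times in c2_connections(log).items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) >= 2 and abs(median(gaps) - expected_s) <= tolerance * expected_s:
            found.append(src)
    return found


def suspicious_run_entries(dump: str) -> list[tuple[str, str]]:
    """Run-key values named like startup_name, or pointing into Roaming AppData
    when the config's install_path is 'appdata'."""
    findings = []
    for line in dump.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[1] != "REG_SZ":
            continue  # key header line or malformed row
        name, path = parts[0], " ".join(parts[2:])
        in_appdata = (CONFIG["install_path"] == "appdata"
                      and "\\AppData\\Roaming\\" in path)
        if name.lower() == CONFIG["startup_name"] or in_appdata:
            findings.append((name, path))
    return findings


if __name__ == "__main__":
    print("hosts beaconing to C2 on the configured cadence:", beaconing_hosts(FIREWALL_LOG))
    print("hosts with any C2 contact:", sorted(c2_connections(FIREWALL_LOG)))
    print("suspicious Run-key entries:", suspicious_run_entries(RUN_KEY_DUMP))
```

The cadence check is the part worth keeping: a blocked or sinkholed C2 still leaves a 60 s connection-attempt rhythm in perimeter logs, and 10.0.0.9 above shows why a single denied hit should be recorded but not by itself called beaconing. The registry check catches the startup name whether or not the dropped copy keeps the original filename.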