General

  • Target

    SecuriteInfo.com.Win32.CoinminerXgen.22200.11178

  • Size

    242KB

  • Sample

    240704-vwmsqascqc

  • MD5

    a3f767e76c8c6baa9a154d576c7ba49d

  • SHA1

    c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0

  • SHA256

    eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5

  • SHA512

    6e567b6dab41a56eb777a06644e1f6ba0d80131ebcd03443e3b526ef5f7dfaaa3f41ee175a26e976d1b6deef4967d677ec71f87cc63a26559e39e1a6c46042ab

  • SSDEEP

    6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

dns.dobiamfollollc.online

Mutex

Solid_rat_nd8889g

Attributes
  • delay

    61000

  • install_path

    appdata

  • port

    1283

  • startup_name

    bns

Targets

    • Target

      SecuriteInfo.com.Win32.CoinminerXgen.22200.11178

    • Size

      242KB

    • MD5

      a3f767e76c8c6baa9a154d576c7ba49d

    • SHA1

      c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0

    • SHA256

      eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5

    • SHA512

      6e567b6dab41a56eb777a06644e1f6ba0d80131ebcd03443e3b526ef5f7dfaaa3f41ee175a26e976d1b6deef4967d677ec71f87cc63a26559e39e1a6c46042ab

    • SSDEEP

      6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j

    Score
    10/10
    • XenorRat

      XenorRat is a remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks