xenorat | SolaraBoostrapper[.]exe | Triage

Sharing

General

Target

SolaraBoostrapper.exe
Size

46KB
MD5

b70eccec2079ce0b1ef1a1701349f387
SHA1

0f7a61968c427a8cd78ff161c908a2e8f4ae6138
SHA256

6491cb2ff9451e79f5ba5a621165c68b12ed8a170dcbbcec1c5b188986f04e27
SHA512

cc9d137e587498fdb96437dc0d919e6bb1c0131e594d99dcafb063a28bc40cca9958a99b45f4f62bb7b6b20049ec25ba747e59f9816ccd2d643ccfdc04255c6a
SSDEEP

768:0dhO/poiiUcjlJInwHqH9Xqk5nWEZ5SbTDaSWI7CPW5j:Ow+jjgnHH9XqcnW85SbTTWIb

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

192.168.56.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
appdata
port
4444
startup_name
Windows Defender

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SolaraBoostrapper.exe

Files

SolaraBoostrapper.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ