General
-
Target
27e2394f7b506257a8afa48049a8fe2fef59dc87957def06bd51d1d9dc191732_payload.exe
-
Size
45KB
-
MD5
a186adfbd28c7e573d1fe5b4f7f54cf7
-
SHA1
42e384baa0b01cb680eb7a73406e47a0ea50e446
-
SHA256
d5028e10a756f2df677f32ebde105d7de8df37e253c431837c8f810260f4428e
-
SHA512
d989d44a883d55493401d00a6333bf1dafb7f1085a7dd0b3a0b0ed2a1144ceedb939a37c9d7c9724ed04123c371f97e2a7df1efaa6f7abee0286d488a20ec93c
-
SSDEEP
768:mdhO/poiiUcjlJInNa3H9Xqk5nWEZ5SbTDatuI7CPW5G:Qw+jjgnCH9XqcnW85SbTouIe
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
77.221.152.198
Mutex
Xeno_rat_nd89dsedwqdswdqwdwqdqwdqwdwqdwqdqwdqwdwqdwqd12d
Attributes
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
nothingset
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
27e2394f7b506257a8afa48049a8fe2fef59dc87957def06bd51d1d9dc191732_payload.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections