xenorat | b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d[.]exe | Triage

Sharing

General

Target

b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe
Size

46KB
MD5

8462795ada587c3bccdb59c2f48e5bfe
SHA1

ae155c1d78ba4adfbfe5aa022a2deb725fc1dc9a
SHA256

b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d
SHA512

7860b4447fe17084e0225a052d9712b3fe332cdd6e4f59d1057e4613c07c416f1cfe36c1a49bf0f631a4289ac49fb24518c63fb03ed7a6df2af832361e764ff6
SSDEEP

768:qdhO/poiiUcjlJInfFH9Xqk5nWEZ5SbTDa/WI7CPW5w:Mw+jjgnNH9XqcnW85SbT+WII

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

62.133.174.224

Mutex

RuntimeBroker

Attributes

delay
500
install_path
appdata
port
3056
startup_name
RuntimeBroker

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe

Files

b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ