xenorat | 8462795ada587c3bccdb59c2f48e5bfe[.]bin | Triage

Sharing

General

Target

8462795ada587c3bccdb59c2f48e5bfe.bin
Size

20KB
MD5

dee27106b89b6a767cdc1db4be57c29b
SHA1

981be531ec334b7d15997011d3e5bb69a4faa533
SHA256

308c4f2eb6da5e89b98cd1a6c7634f433ea467ab07043d84a1b178c78489e8c5
SHA512

bc29749580d800907ce89a53fbc2d2b1e34e07de7e7cf9e58eabccb1e579d121212a16bbfcf8934ebe33a975ff20460301e20e14e8169656ab0ccc8328cec158
SSDEEP

384:E/55+YywEjVgt45mc+2l1i5WV14c+lQF9T5e4oc8PsuGuQ2+tnCIk:85+9ZjVMU+gQ614a/ew8PRGuEBk

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

62.133.174.224

Mutex

RuntimeBroker

Attributes

delay
500
install_path
appdata
port
3056
startup_name
RuntimeBroker

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe

Files

8462795ada587c3bccdb59c2f48e5bfe.bin
.zip

Password: infected
b676dadc109d8b1322111502103a943073180b3daa78a04637448b148730736d.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ