General

  • Target

    f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707_dump.exe

  • Size

    45KB

  • MD5

    15b8e2ef54c276964ff060b418efe7ef

  • SHA1

    44c15cfbcd468be279a6fc87f173215ff1f6e7a1

  • SHA256

    84ab5607a472d325b4128bf0012fe9253e09a694b57bac657abf54973c9b6312

  • SHA512

    565ee7fb24a42a5c0435db3a07df15e5be5ff936383257038fd13c9d02c25d3a0db0241effc6b0c64f949f83d274d2d1e926e929dd9b2c104340fc15f45d2a57

  • SSDEEP

    768:WSisJmceOo5DHoMspLfFpyT7QHbtm+6EyqnN+8N4:AsJmfOmDILprj4QHbt+EH4U4

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

45.66.231.63

Mutex

Tolid_rat_nd8889j

Attributes
  • delay

    40000

  • install_path

    temp

  • port

    1353

  • startup_name

    vplayer

Signatures

  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f81185426901a3519e4d8d030d677ecf8a50d873fecfdd3980ef3ccfac785707_dump.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
