General
-
Target
2504-16-0x0000000000400000-0x0000000000412000-memory.dmp
-
Size
72KB
-
MD5
cf9b9c1dae053f42bca28bfb2f978205
-
SHA1
954b20f60fc0a7512c9dc5dad2c4f7c8f85674f6
-
SHA256
01b8b8b62d46b7901d006a694c524570bfcb04877fe29f1fb14a64565457b45b
-
SHA512
547a1baa0e7eae11db02ef65f69e42db4d483529513454194efc3bb8bc73628b779ec360c3d1fcc20c51251b49141c483aa64281c2ae1a62472b61860ceb697d
-
SSDEEP
768:uSisJmceOoRDlY8spLfFpyT7QHbtm+mEyqnN+8N9:IsJmfO2De7prj4QHbtiEH4U9
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
dns.dobiamfollollc.online
Mutex
Solid_rat_nd8889g
Attributes
-
delay
61000
-
install_path
appdata
-
port
1283
-
startup_name
bns
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2504-16-0x0000000000400000-0x0000000000412000-memory.dmp
Headers
Sections