General
-
Target
676-341-0x0000000000400000-0x000000000042C000-memory.dmp
-
Size
176KB
-
MD5
bd8b2f410688ca655f38ddd3f038dd18
-
SHA1
fd7d67e8999793ab03e9ced888a84be5e0855176
-
SHA256
f5777be48cb503af368ec30896aea9f7ff6379b2520a634a20dad1b3d0111053
-
SHA512
310276cdc8065295c1a83d1d93a5dc517146d3c740b646a7b2840531db5792dcb7123d2e78645220604b756360a77522d7ee63e9a2cc307978105e823a9c8ff8
-
SSDEEP
3072:tw+jqcM91UbTFLdzFBPzzSl+XVionHzzfMZJtklc5Dz4ITIQxUcwBrle774bcaBq:aW3M91UbV5zzSl+XoEzzG77kcavP6
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
dgorijan20785.hopto.org
Mutex
win_sv88778sl
Attributes
-
delay
5000
-
install_path
temp
-
port
4488
-
startup_name
logons
Signatures
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
676-341-0x0000000000400000-0x000000000042C000-memory.dmp
Headers
Sections