xenorat | KNRLBOOTSTRAPPER[.]exe

Resubmissions

11-08-2024 02:35

240811-c3dvaa1djl 10

18-07-2024 20:18

240718-y3j7ysxfna 10

Sharing

Copy URL

Twitter E-mail

General

Target

KNRLBOOTSTRAPPER.exe
Size

468KB
MD5

25dd17cdd4cb0ea687bacc96f11df77f
SHA1

e35e77bbdea42a36fe4d2f456022ab07ddc1a65f
SHA256

8fb40c856daf038d45a2d5b5f93bfa48987d54493b43ac76c16a7fceb7011f86
SHA512

3144c457786e9764d8ea026d1c312e90e5158507b1133e3e477922c54a721ac29a1014d8103aba592fe2b65e831dbb8d5362968c588824894afe77de04968799
SSDEEP

6144:SWV91Ub+4jU83nN6xMrSTpNx+NgrnpGH2bRr:SiTXx

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

127.0.0.1

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
Xeno_manager.exe

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
KNRLBOOTSTRAPPER.exe

Files

KNRLBOOTSTRAPPER.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 43KB - Virtual size: 42KB

.rsrc Size: 424KB - Virtual size: 424KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 424KB - Virtual size: 424KB

.reloc
Size: 512B - Virtual size: 12B