xenorat | svc[.]exe | Triage

Sharing

General

Target

svc.exe
Size

45KB
MD5

75cf1faac1fbab522db5273d2916eb02
SHA1

b3ede9b5b70d9742a576c6f8e70e3961a24612a8
SHA256

e20a68d2f697e867867fa7a54688b02d80f7703a4134747fb1c4f90068cd76c6
SHA512

ab2946a0f8d00b66f5a0e86573eb129c3a536ae36351144f51ed6857be975a14d02b0a6df1ab9172a251fbf88baa976ecef3410e45fa4bb2ea406c2c9edbd1e2
SSDEEP

768:hdhO/poiiUcjlJInUbqmH9Xqk5nWEZ5SbTDawWI7CPW5K:fw+jjgnWH9XqcnW85SbThWIS

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

10.200.166.240

Mutex

svchost

Attributes

delay
5000
install_path
appdata
port
4895
startup_name
svchost.exe

Signatures

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
svc.exe

Files

svc.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ