General
-
Target
2a8d5a1ffaab412d105732aa88021fa9.bin
-
Size
223KB
-
Sample
240907-bgmdvsxajr
-
MD5
26b9cc193e45cd2d6b416d3428dfa897
-
SHA1
64c94e09726e900b21da24d7709ed57983984fbb
-
SHA256
a31418649e34c3dc565170c37075fcdd93a158dd2e16ac80688ec2cbe58134c2
-
SHA512
5f9d93884dfec12b27448aaddc41584cbf74befff4b2503c386dd957c795b165cabd4f82d95e1b5043e98cc00e258888e6e8155dcb042d143f61485e5de537bb
-
SSDEEP
6144:9nXJH9KAVRZo1+vGRruUFbUDzpFBPxXuXtOMmAr:NZHlfS/RpeF5Vudlm0
Static task
static1
Behavioral task
behavioral1
Sample
2b700f4c8c95319e90414db0e22d42467ebf5843d397b907f817672b9501ade1.exe
Resource
win7-20240903-en
Malware Config
Extracted
xenorat
154.216.17.155
Xeno_rat_nd8912d
-
delay
50000
-
install_path
appdata
-
port
1356
-
startup_name
csvr
Targets
-
-
Target
2b700f4c8c95319e90414db0e22d42467ebf5843d397b907f817672b9501ade1.exe
-
Size
348KB
-
MD5
2a8d5a1ffaab412d105732aa88021fa9
-
SHA1
ff1a188dc9121e1cd8feda55937a01efe47ecdcd
-
SHA256
2b700f4c8c95319e90414db0e22d42467ebf5843d397b907f817672b9501ade1
-
SHA512
840dd6d020ee45f14c60dafb662da94aee39e36e2e6eaf2aa3c16f5e1a5255db9d93a5bc4fe0693c8b6bbeecfba799d7f260b60e5365d9ba62fd54ad000c2dcc
-
SSDEEP
6144:aVLrSJPZdikuk3beCsq2+1yEijN2HWEvIEwpFJ+zXbqUKXYI:ULrSJzikukasjOwHzQHpFJ+zXbqUKXF
-
Detect XenoRat Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-