xenorat | image logger V2[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

image logger V2.zip
Size

163KB
MD5

e5849c5c4b94626f2efe6e1484e39471
SHA1

bc55f5c6dca017f2d090b006003abf6bd540a3bf
SHA256

6f627ccaede437d4768d2bd22d6f9172077d45f239a1aeec8eaa75cf0f2f6f4d
SHA512

d8696f0a782d890c66b7a1bb5a0106eda19f13c0da553211923043da2669c594eee7dc567b30e13b5e12661cf8bce5c34fc8dc0cd8b3aa81c01d98b0ebc544ea
SSDEEP

3072:0Hn8b/nedxj2zqZkfJfw+jqX491UbTKzT+1kUPR/yOKqpnfq5N0:oyqZkfqWd91UbnzP8Olc0

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

C2

192.168.1.164

Attributes

delay
5000
install_path
nothingset
port
4444
startup_name
java updater

Signatures

Detect XenoRat Payload 1 IoCs

resource	yara_rule
static1/unpack001/image logger V2/imageloggerV2.exe	family_xenorat

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/image logger V2/imageloggerV2.exe

Files

image logger V2.zip
.zip
image logger V2/LICENSE.md
image logger V2/builder.py
image logger V2/cert
image logger V2/imageloggerV2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
image logger V2/loader.py
image logger V2/requirements.txt
image logger V2/tools/__pycache__/sigthief.cpython-311.pyc
image logger V2/tools/__pycache__/upx.cpython-311.pyc
image logger V2/tools/obfuscation.py
image logger V2/tools/sigthief.py
image logger V2/tools/update.py
image logger V2/tools/updater.py
image logger V2/tools/upx.py
image logger V2/version.txt