General
-
Target
071b34db990e638a009be9150667028f.exe
-
Size
50KB
-
Sample
240921-rbkwvawcql
-
MD5
071b34db990e638a009be9150667028f
-
SHA1
65543849fe430e318eaecfda9df0e83ba1295100
-
SHA256
b74d5e183bf67a8eb626871a81386a832270929adbb554d568f7988494052e41
-
SHA512
8d2b2d3a358f9c95d125b73b58058a1408cc360818e28bb9667f5a82edc7216f7205778413682d8e9548dafced304c07ad0fcb669672201dd0fe01294ad3c5f5
-
SSDEEP
1536:8SqFroF0UEPmLCEQjkaKFW8TnWfrjAzRVfY4oxIh:8SqFJPXKE8rSrjAY4os
Behavioral task
behavioral1
Sample
071b34db990e638a009be9150667028f.exe
Resource
win7-20240704-en
Malware Config
Targets
-
-
Target
071b34db990e638a009be9150667028f.exe
-
Size
50KB
-
MD5
071b34db990e638a009be9150667028f
-
SHA1
65543849fe430e318eaecfda9df0e83ba1295100
-
SHA256
b74d5e183bf67a8eb626871a81386a832270929adbb554d568f7988494052e41
-
SHA512
8d2b2d3a358f9c95d125b73b58058a1408cc360818e28bb9667f5a82edc7216f7205778413682d8e9548dafced304c07ad0fcb669672201dd0fe01294ad3c5f5
-
SSDEEP
1536:8SqFroF0UEPmLCEQjkaKFW8TnWfrjAzRVfY4oxIh:8SqFJPXKE8rSrjAY4os
-
Detect XenoRat Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-