General
Target: Svchosts.exe
Size: 45KB
Sample: 240924-nyfc4axbja
MD5: 283c2f66ccef3a27a10e74fe8f063918
SHA1: ca9387655ff9b533dd36cf5641fd4eb8f88fb999
SHA256: f770b7e25d959f700c9119cb1d9a5ef444634a335ea9f230f06b51fdaa487ad1
SHA512: 8243d21a66c6d52cc09d16403e7efd643fd292c7b22559472df5ea96532701799b4900527c10e8a0fee2226dfd959b0d662fffb0b9da4af0aebdbaf70756386f
SSDEEP: 768:GdhO/poiiUcjlJInLn+eP3H9Xqk5nWEZ5SbTDajuI7CPW5v:ww+jjgnjH9XqcnW85SbTWuIn
Behavioral task: behavioral1
Sample: Svchosts.exe
Resource: win7-20240708-en
Malware Config
Extracted: xenorat
zenofs.zapto.org
Svcchost
install_path: appdata
port: 4444
startup_name: nothingset
Targets
Target: Svchosts.exe
- Detect XenoRat Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL