General
-
Target
cb15dc95e0a14080e8c3df816b6d54a101c3b4a307a8db0d71131869602480d9.exe
-
Size
45KB
-
MD5
2bbb433718d061e161f1d0e224451746
-
SHA1
94d37443c9d9b71997f4918106533b76c01d8032
-
SHA256
cb15dc95e0a14080e8c3df816b6d54a101c3b4a307a8db0d71131869602480d9
-
SHA512
d61d90ecffb3ec0debc1aa679bc1ddcafeafff2cf466ee9e29b630098d2b9f6e94c994617740dc31d3962ef05371831473311cd9a2112d1ab824cd6240f71bcb
-
SSDEEP
768:qdhO/poiiUcjlJInjTH9Xqk5nWEZ5SbTDaLIuI7CPW5N:Mw+jjgnPH9XqcnW85SbTwIuIl
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
82.64.210.112
Mutex
update_discord_nd8912d
Attributes
-
delay
5000
-
install_path
appdata
-
port
25565
-
startup_name
update_blender
Signatures
-
Detect XenoRat Payload 1 IoCs
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
cb15dc95e0a14080e8c3df816b6d54a101c3b4a307a8db0d71131869602480d9.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections