General

  • Target

    2708-9-0x0000000000400000-0x0000000000412000-memory.dmp

  • Size

    72KB

  • MD5

    94630fd93d1be453bc8d786357fe28d3

  • SHA1

    eea60ab0203a8a77ed131b6bc2b784dbc74d65b5

  • SHA256

    1b62f1f0a01c971eddf198bdda0110ae0d26dea7211cd3ab9b166728fff7710d

  • SHA512

    98ad0d705d6c8fbd3d3dfc5289ebcf6fc4b1e35d3dc5b62591aae23354c17dbc5363f2301f2d0fadf28e64d48d0d67d359e002c0f06f397235fe62cc6e05c32e

  • SSDEEP

    768:udhO/poiiUcjlJInEFH9Xqk5nWEZ5SbTDagWI7CPW5:4w+jjgnMH9XqcnW85SbTpWI

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

66.63.168.142

Mutex

Microsoft_nd8912d

Attributes
  • delay

    5

  • install_path

    temp

  • port

    4782

  • startup_name

    nothingset

Signatures

  • Detect XenoRat Payload 1 IoCs
  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2708-9-0x0000000000400000-0x0000000000412000-memory.dmp
    .exe windows:4 windows x86 arch:x86