3b6a3eec7f55fd91e8cba4aa803937a57bdb7da5e987767ef9c93f2332b57fee

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno-v1.0.7-x64.zip
Size

4.1MB
Sample

241003-ax1ezsvfkp
MD5

68d369b6116bf94f8eff46594e801f61
SHA1

b18702f9590b3dccdfe8ae3a3847b2cb24e52ded
SHA256

3b6a3eec7f55fd91e8cba4aa803937a57bdb7da5e987767ef9c93f2332b57fee
SHA512

4bff7f96126ee8756193a7132a1246ae87d1e599f9da43b7968b35b90830dff80f1f45967fab334d0c8130d45121dd0a0e2d3a312dbd85ad3fe33872e08ca36a
SSDEEP

98304:SpeSPHPx0NL9Cteaqxt5JwlVLnwphakez+xnDHS9aIh60JTLcRH/sqNJ+zs1:SESfPml9UeaSt5J4uhJesLSZhH4RfnNX

Score

7^/10

discovery execution

Malware Config

Targets

- Target
  
  Xeno-v1.0.7-x64.zip
- Size
  
  4.1MB
- MD5
  
  68d369b6116bf94f8eff46594e801f61
- SHA1
  
  b18702f9590b3dccdfe8ae3a3847b2cb24e52ded
- SHA256
  
  3b6a3eec7f55fd91e8cba4aa803937a57bdb7da5e987767ef9c93f2332b57fee
- SHA512
  
  4bff7f96126ee8756193a7132a1246ae87d1e599f9da43b7968b35b90830dff80f1f45967fab334d0c8130d45121dd0a0e2d3a312dbd85ad3fe33872e08ca36a
- SSDEEP
  
  98304:SpeSPHPx0NL9Cteaqxt5JwlVLnwphakez+xnDHS9aIh60JTLcRH/sqNJ+zs1:SESfPml9UeaSt5J4uhJesLSZhH4RfnNX
Score

1^/10
behavioral1 behavioral2
- Target
  
  Xeno-v1.0.7-x64/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xeno-v1.0.7-x64/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral5 behavioral6
- Target
  
  Xeno-v1.0.7-x64/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral7 behavioral8
- Target
  
  Xeno-v1.0.7-x64/Xeno.dll
- Size
  
  923KB
- MD5
  
  1947db1107a8a8abc6a24a21e178c6ba
- SHA1
  
  4625fc045beef35d5321625ff07b657623e535b9
- SHA256
  
  1f4a057195912fad1a1bb32d184c88f22eb656103e31abdd24a31cdcaa8c8770
- SHA512
  
  aed25ea30bb17ebe1976c6088fd3b6956234d233945c2a8e4a7969f7ec3811804ea304ebfaf8bd0d13658189093b7ee44fdec837ca94998bff71f3303ae008c8
- SSDEEP
  
  12288:mvj0UJ96pW8Uq3j4Q4mhLMAL7CAFV5SiPro5hJrElGPYZW4KkI:mB9stUqUQBdvCAFTSSo5fr1YI4KkI
Score

1^/10
behavioral10 behavioral9
- Target
  
  Xeno-v1.0.7-x64/Xeno.exe
- Size
  
  140KB
- MD5
  
  bba19361e95fad55980cc79f7b11a1cc
- SHA1
  
  30aa76dae8ec4a51009ce1f6b0284d590866d075
- SHA256
  
  7ca5cd5097399df4cfe240eff4984fb4b6fb2e3f89948ec7cd9e1323b3779f0e
- SHA512
  
  e4a854009c627f495eab965cc08687c0de0f73fab7f9d1a8fa6118a8f8e42c670ebbd12eff5c9b1358249d87e885436aa8e621fae89943eede86bd24835b620c
- SSDEEP
  
  3072:rjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOUhBu7A:rjK4TDUqgpqWDLZ5H+xuZ04nhA
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Xeno-v1.0.7-x64/XenoUI.deps.json
- Size
  
  1KB
- MD5
  
  8892a6f011766252ce158fac02b8e5da
- SHA1
  
  a2169f6d176216a136b8db56b191cdf8e90394d3
- SHA256
  
  acc8de976ea8ebe1cd209a9b03d327b9701b244b86b7dae58aa38405ac76032d
- SHA512
  
  33293a050ce9017bf2e7a5c74decf42a98efbc8b23e5fa0b14b92b9df13091d530754b50caf03b6ab447ad81df74ebfc21f4ec69d8b288b6279fdaa9b7a9445c
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Xeno-v1.0.7-x64/XenoUI.dll
- Size
  
  63KB
- MD5
  
  c64448e5515fcf56f411679489a8a793
- SHA1
  
  9ba0b071a5894dcc6e6b393250baccc62c3c4641
- SHA256
  
  a0a7ce3c421805495d0927d35172207ad763755dc6a8773022999cf67b8b6428
- SHA512
  
  75464da280ba3df5b20b27f5c3c5f40015e0b1b96bc7b355efaa254efd325fe3f12c8195e02b52a9493782e7a9eee8876d478b0ee5588679803989ded8e57a9a
- SSDEEP
  
  1536:IUVHp+9Tr/m2ZrBMp9qlDM/APHV5y67ssPn:IL9Tr/m2ZlM7y7Pby67Jn
Score

1^/10
behavioral15 behavioral16
- Target
  
  Xeno-v1.0.7-x64/XenoUI.runtimeconfig.json
- Size
  
  458B
- MD5
  
  07b9a30265ca4e69c7016a1b6e3ffc27
- SHA1
  
  3a4af82a2695b1423aedd8b60a5c86793c011b02
- SHA256
  
  c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782
- SHA512
  
  efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  a9793319d1395e6f3564bba48465d42a
- SHA1
  
  1db3ca7fa5e0270c4e278755983d7af83110db0b
- SHA256
  
  02ac2ceafc55b77fc9ae9dd8c15285a4bb0247f5851ae601c9cbfef5228a8325
- SHA512
  
  f2d0fc7c9ab587cbf394ca0bef4647bf2f9370478c4ad9595192f3d03a35d74f514df9c8ca127a547db7a2dbd7ef988814cd9c05f907ef2e39c436e014f2c9c8
- SSDEEP
  
  3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblL:64J09BA3pZaFD48VOAGUWYPjdlLJbRB9
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral19 behavioral20
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/editor/editor.main.css
- Size
  
  294KB
- MD5
  
  23c7db6e12f6454ef6e7fb98d17924d8
- SHA1
  
  06398b44a338db5eeab2d461347334fc69af5af1
- SHA256
  
  615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451
- SHA512
  
  5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924
- SSDEEP
  
  6144:TzsUTrsZ7KcNkuwcv2As0aMY/Y/RR9MtpWKco:TzsUTrsZXkW4/50i
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  a7e3083cfe200263edfb4bf011b893a3
- SHA1
  
  18b52dc38e7a8a612892f5e60a08d9b19e1f472f
- SHA256
  
  9e2fb6171592f7a3c33d3b5baef58b516b36473ff7717bbd643574991923435e
- SHA512
  
  6bbb149102958e23c42accbbd18595fcfffd547bb826f2309956c036983692e83b7313567a42e50d98a1c946fab554e32b77ef4d0f8bc0cc7f0dda196fd7e23b
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Gdv6QLtQ2MbRpn:Yxk98EXl2ixjP3Gdv6QLtdMf
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Xeno-v1.0.7-x64/bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32