General

  • Target

    Ro-Aimbot.exe

  • Size

    45KB

  • MD5

    2c06419f8810e416616ce7cae79e805e

  • SHA1

    a34a5dc3e77b6f0168a45b7deb29a8b2d1c2c5d1

  • SHA256

    2c113e88191ce895f1559e9ea794b1d7023d704ed5293c74d3b797900492c8cf

  • SHA512

    aee4105cc93d843013896d70b49f2ef269f152e2287340e13914c5825147f843beea3c33f2657b6cba29f9838007f9d6b2b942dec1382260f11975f4e4c414c9

  • SSDEEP

    768:HdhO/poiiUcjlJInobqmH9Xqk5nWEZ5SbTDaTWI7CPW5j:9w+jjgnKH9XqcnW85SbTKWI7

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

127.0.0.1

Mutex

RobloxCheates

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4782

  • startup_name

    JavaUpdate

Signatures

  • Detect XenoRat Payload 1 IoCs
  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Ro-Aimbot.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

