General
-
Target
2768-15-0x0000000000400000-0x0000000000412000-memory.dmp
-
Size
72KB
-
MD5
624a9a4760ad5c634bb13e2278970f44
-
SHA1
964cf01e9db83024f0816805653b5e8a769abb8a
-
SHA256
41641a9ec69c33d12d48c5ef91d0714f5e10c0aa6362088ec0c9d87107d312a6
-
SHA512
ce2296f4321f8949765b5df64f1fc7d37598ea1459e88455732e9b931eabba1ab529e13844abd7704bd1412dfc4a97d5e9d6a190fc311b9c869c33b30cd850ed
-
SSDEEP
768:hdhO/poiiUcjlJIn/rtUH9Xqk5nWEZ5SbTDamWI7CPW5p:fw+jjgn/BUH9XqcnW85SbTPWIR
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
109.248.150.212
Mutex
eno_rx_nd8912d
Attributes
-
delay
5
-
install_path
appdata
-
port
4444
-
startup_name
nothingset
Signatures
-
Detect XenoRat Payload 1 IoCs
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2768-15-0x0000000000400000-0x0000000000412000-memory.dmp
Headers
Sections