f62fba7996ee3a127d80d0c8e2003ee09d4f278cb4aa1e303e718650aeed0c69

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-11-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xeno-v1.0.8-x64.zip
Size

19.1MB
MD5

e60bf06c220112cf873add0776e50532
SHA1

00dc3440aeba51e1d1130931e18966cd2764ca35
SHA256

f62fba7996ee3a127d80d0c8e2003ee09d4f278cb4aa1e303e718650aeed0c69
SHA512

15c08a623a5c43fc0eed9ac31818b4dd0b73ab691b12f9aa92c2bfaa4439c7e8b22c8903fdb253ccf4dc913cc50ed87140ea5783d0b3b1dcc2c23d55dd20ab1f
SSDEEP

393216:UV9dl9l7rJ9hJvLehOKt3ScrGt7pErdmv9T8r/n6lRmHob6GzlV91P78K/w2vHDb:U9lpJCDa7Zv98IfpVrAuJU/uoC+S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2368	Xeno.exe

Loads dropped DLL 8 IoCs

pid	Process
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x001900000002ab5a-855.dat	embeds_openssl

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe
2368	Xeno.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	5220	7zFM.exe
Token: 35	5220	7zFM.exe
Token: SeSecurityPrivilege	5220	7zFM.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5220	7zFM.exe
5220	7zFM.exe

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Xeno-v1.0.8-x64.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5220

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1180

C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Xeno.exe
"C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Xeno.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_1

Filesize
264KB

MD5
ca8816fc4606d8637d803be4154f22c0

SHA1
7281aa48b9def4aa7ce14dbea4d8a99def9bcb11

SHA256
a6eda5a50bbed2c197d36bce83486c1109d95f8236863f49979570bbdc7368a4

SHA512
870f2cf30c27b67fdd86988138ec3490e75025394117f1eb89e6a643cc6cfbb2ab26648ce42b8fd0afd2d2039a06e28ccd27685382df1488948c2237f5d4ee77

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\Xeno.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE464576F7\Xeno-v1.0.8-x64\workspace\V.G Hub\PLSDONATE.txt

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
4a292c5c2abf1aab91dee8eecafe0ab6

SHA1
369e788108e5fb0608a803fa2e5a06690b4464b5

SHA256
b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4

SHA512
ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Newtonsoft.Json.dll

Filesize
695KB

MD5
adf3e3eecde20b7c9661e9c47106a14a

SHA1
f3130f7fd4b414b5aec04eb87ed800eb84dd2154

SHA256
22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07

SHA512
6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Xeno.dll

Filesize
939KB

MD5
9aaf4a8bcc3184f454469a9f797db8d4

SHA1
6b2efb332677c5b9fd0f04b19ba5a8d756c1eccd

SHA256
01bb8bff6ea8bdc11eb8eac83cef98f54e8694746712b12f3e260e6abf91ed48

SHA512
bd6b85a05995a2b9760d873790eb638e71c5c0a8c8e6ffdd22ae137f6873973052c13fd461e51a6c2ce8f2d6538d3e35e9cc044d203044a11833d50480ef9e24

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\Xeno.exe

Filesize
140KB

MD5
4a2e503ab9a31880995e60ece8784b13

SHA1
5248db95700f5e600c824e736d8d1223f620ddf8

SHA256
5a7eb83a45bfb81b23485131a2f80820f3889c69c89257188ec6eb093f375dc9

SHA512
908f03a9901aea84df72fa70318aacf773ecd76465f5c9495a89c26e48e7c83c0fadce4fe58e1f7567a3a76f125a9245a18a1b5d5b0d076e15baf3c843a093b5

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\XenoUI.deps.json

Filesize
2KB

MD5
5a6f595e20ec811e25737019810cac58

SHA1
5bb6c2e764bd86cd7cbb041a9bb5f7e198331a1d

SHA256
8469498480ead9fec50de420d705f820a0997ebf18579f2f5ada5b7b5d420300

SHA512
de0c0d9bb59589cfa676546a78fd0f93f3486cb420d7f8a973d5c770ecd64936f2f5f1506e70515b0b21ff7a0706283e4677ec73c5ece6cd7e8c4eb478a7aa83

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\XenoUI.dll

Filesize
73KB

MD5
3afc560eeab3dd7c4d4d1efa121e7645

SHA1
da16e9d49d77ca9af5aad37ba638418253e27eef

SHA256
962b2f5dfc883b9dfdf0b996c797b7c67da75fbb8a5fdcb965c2ba0d684caa79

SHA512
7dc2a12412fbfdfe59eb3fd4d2b96bd90fb6bc2b3a3c27c989dd60c7e705f927bd959547c1e15c9ef1df21a388ac3ead189802e12e533a2260c32577c12f9874

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\XenoUI.runtimeconfig.json

Filesize
458B

MD5
07b9a30265ca4e69c7016a1b6e3ffc27

SHA1
3a4af82a2695b1423aedd8b60a5c86793c011b02

SHA256
c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782

SHA512
efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\bin\Tabs\config.json

Filesize
239B

MD5
7ec6184fb6ddec2763650ca4e9baa104

SHA1
b965db012b214ce8f0af3c9cd934d6618345c47d

SHA256
3db860d8cc888d7d2dbcacca278392b8ebb502dc73ee54d6f9c5065c9c16ed95

SHA512
fced75ad0a86d128f2324627db8d2fbc7e28712157c1db9de827c88f0115e62f845393385b78d252e1f41d6daa1d5bf315342a6c8165120481d133ef996ec777

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\libcrypto-3-x64.dll

Filesize
4.5MB

MD5
e3e4236c4483dbe1bc5954fd63c965b8

SHA1
ae8b364d2e43221466f2aa3f3c9412a713214c53

SHA256
923d7641e3655c627b80dfd63bd5e701a26e9b8b6186d56b901a60cb57494901

SHA512
7130ee5db3c7570f68b454df138926ac710e9095f1e4ff7d74ef0e329e793d20fe95eb6409730203cc706410c3efd2cf6b1c1eab26a655d29a1f74673cc8abc8

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\libssl-3-x64.dll

Filesize
802KB

MD5
4e2a30eba5388b0fe1838137a61ac255

SHA1
b6563a03f357478632d38f0f5ed28feb2af2ccf8

SHA256
ce0c322e48b95a719cd51728471e04197448d9f2ae1d0be0c99a745833dfd3a2

SHA512
4480c658eb4e3563f2622ba2a7f1f80a73e1f5aa27753030e1a7a8ca3abf07656067604e8042ca943d9cefc2524c830250dacf08ea7fc45d3bd7fa963b579917

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\runtimes\win-x64\native\WebView2Loader.dll

Filesize
161KB

MD5
c5f0c46e91f354c58ecec864614157d7

SHA1
cb6f85c0b716b4fc3810deb3eb9053beb07e803c

SHA256
465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f

SHA512
287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\xxhash.dll

Filesize
46KB

MD5
0e9fecea29b2b3d5ef064e112436e9d1

SHA1
69423218652f7837766ce03fe9edeaf751266cc5

SHA256
73c84884a2ccde1d10bec0820a6661920e70e4b53fa99ad510acf5ed1b36af97

SHA512
bd57bc9b8298faffc091b928537794a50c81d985d60edba7863e2976846cb08fd469c6054ff7ec574df6f0a2aea1fb72ed9cff44fa219e834129876293cd2e93

Download Submit
C:\Users\Admin\Desktop\Xeno-v1.0.8-x64\zstd.dll

Filesize
638KB

MD5
567198a0119e3e2ec94208f1cda7aa28

SHA1
350224b13d1cc2f944a4a2bdd951e9ef80be5784

SHA256
6c63d08182dede465c95e48a235894e598a61cc24e0ba4556637cc9c1a1e0951

SHA512
ed01636af37932dca7aa7709389dba184e16f93aa3be4fe622850df0f791c85111367a10434edf0c986079069a3574e0acdbbac4d9cae9c58fc01f9f034f40ec

Download Submit