General

  • Target

    8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501

  • Size

    45KB

  • MD5

    f4107d4e78c5eec963a173ef77c9fe80

  • SHA1

    bb48761742c09b59ba4ed46e7c4a1ec2ce7f92a3

  • SHA256

    8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501

  • SHA512

    68b61f68a669253a34f7125b890e3cc59feef9e3144b03a710eb5c442af0dabc35b233c992bdf73db5709b3f9e2a9dd1206b34300ab9a72460d8ba23c636d60d

  • SSDEEP

    768:edhO/poiiUcjlJInJ3EH9Xqk5nWEZ5SbTDaiuI7CPW5V:ow+jjgnlEH9XqcnW85SbTHuId

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

davidkholio.ddns.net

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    nothingset

Signatures

  • Detect XenoRat Payload 1 IoCs
  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 8d295159cce2778dac9a6bf29ce88e99afb688a5fa68f058a52ab03ca154a501
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744