Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
python.exe
-
Size
45KB
-
Sample
241117-x6kr8awmay
-
MD5
df1f1e473daca7aeab35952a9c8b3e0e
-
SHA1
89ef8d815e328bd1038c92d03de549915d52ee95
-
SHA256
57173c561934b97d74b3cdb977f625e6425022df70218eecd7c8acde71c79690
-
SHA512
4a631e7eb7d1af9a60e3c5c79b61b33a56ab517871fb2396737628718a3c8cb22e0a039f63fdcc242644d5a8af64a8b38f3a6557b0659b2cafaf4d5990a7565b
-
SSDEEP
768:FdhO/poiiUcjlJInnSH9Xqk5nWEZ5SbTDa/uI7CPW51Zvn:bw+jjgnSH9XqcnW85SbTKuItZvn
Behavioral task
behavioral1
Sample
python.exe
Resource
win7-20240903-en
Malware Config
Extracted
xenorat
127.0.0.1
pythons
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
nothingset
Targets
-
-
Target
python.exe
-
Size
45KB
-
MD5
df1f1e473daca7aeab35952a9c8b3e0e
-
SHA1
89ef8d815e328bd1038c92d03de549915d52ee95
-
SHA256
57173c561934b97d74b3cdb977f625e6425022df70218eecd7c8acde71c79690
-
SHA512
4a631e7eb7d1af9a60e3c5c79b61b33a56ab517871fb2396737628718a3c8cb22e0a039f63fdcc242644d5a8af64a8b38f3a6557b0659b2cafaf4d5990a7565b
-
SSDEEP
768:FdhO/poiiUcjlJInnSH9Xqk5nWEZ5SbTDa/uI7CPW51Zvn:bw+jjgnSH9XqcnW85SbTKuItZvn
-
Detect XenoRat Payload
-
Xenorat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-