d4494d6239ab355a31308234f5c4508c6b31cb2e89e0636101de41bd60d544fb

Sharing

Copy URL

Twitter E-mail

General

Target

Xeno-v1.0.9-x64-New.zip
Size

7.1MB
Sample

241119-x5w4vszrdy
MD5

b32e1b06f1a530bdfd3c43abde00df1e
SHA1

5f25d1ce95c71963b67708e13739b8e3ebd65d9b
SHA256

d4494d6239ab355a31308234f5c4508c6b31cb2e89e0636101de41bd60d544fb
SHA512

5f249c82222bcf8ce8b3e65720c2aa362c8ab6ff53c4aa5e1193a9f48ad628a7edf18f4756f3091f8b0ba0498dd0ef82fe0fe787c5e31a404679b8bea1171e93
SSDEEP

196608:gCoNYe5eqB3aM//Cwj0lY8MT0iSi1WhLObay4VhF0:1oNY8TB3//CwIlY8MIiSi1WpvvhF0

Score

6^/10

discovery execution

Malware Config

Targets

- Target
  
  Xeno-v1.0.9-x64-New/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Xeno-v1.0.9-x64-New/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xeno-v1.0.9-x64-New/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Xeno-v1.0.9-x64-New/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Xeno-v1.0.9-x64-New/Xeno.dll
- Size
  
  939KB
- MD5
  
  29ab914d1bf45fa2b4d999623db6a44a
- SHA1
  
  2af8dd013f7f87cf33e9fe95915bebd6d35e73b3
- SHA256
  
  1db967c913802e648fc8c70da9a09f9ba3d5f3ffbf09caf41e4de4ca6f0f54b3
- SHA512
  
  001b2d3ad39c01fb181b30764892267f1d5b09c76baf27ecaabd8df70b276c22b0f96f0944b7239ccd1668e68b112090e766be468dfbd300311c4bec6d79c092
- SSDEEP
  
  12288:AKuHqB3ueaLOh1HwIao596UC8yZKJ5EWnfYE0CIrr2Ky:AdWeOh15v596UC8ydWgHjr2Ky
Score

1^/10
behavioral10 behavioral9
- Target
  
  Xeno-v1.0.9-x64-New/Xeno.exe
- Size
  
  140KB
- MD5
  
  4a2e503ab9a31880995e60ece8784b13
- SHA1
  
  5248db95700f5e600c824e736d8d1223f620ddf8
- SHA256
  
  5a7eb83a45bfb81b23485131a2f80820f3889c69c89257188ec6eb093f375dc9
- SHA512
  
  908f03a9901aea84df72fa70318aacf773ecd76465f5c9495a89c26e48e7c83c0fadce4fe58e1f7567a3a76f125a9245a18a1b5d5b0d076e15baf3c843a093b5
- SSDEEP
  
  3072:rjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfOUhBu7q:rjK4TDUqgpqWDLZ5H+xuZ04nhA
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral11 behavioral12
- Target
  
  Xeno-v1.0.9-x64-New/XenoUI.dll
- Size
  
  73KB
- MD5
  
  3afc560eeab3dd7c4d4d1efa121e7645
- SHA1
  
  da16e9d49d77ca9af5aad37ba638418253e27eef
- SHA256
  
  962b2f5dfc883b9dfdf0b996c797b7c67da75fbb8a5fdcb965c2ba0d684caa79
- SHA512
  
  7dc2a12412fbfdfe59eb3fd4d2b96bd90fb6bc2b3a3c27c989dd60c7e705f927bd959547c1e15c9ef1df21a388ac3ead189802e12e533a2260c32577c12f9874
- SSDEEP
  
  1536:TAcx01STXu1Acv9p9rhygM/APHV5y67sX85:kcOSTXu1AO97H7Pby6755
Score

1^/10
behavioral13 behavioral14
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
- SHA1
  
  982a05814546017c40771e59e7677b53d84787e9
- SHA256
  
  f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
- SHA512
  
  9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
- SSDEEP
  
  3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral15 behavioral16
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/basic-languages/lua/lua.js
- Size
  
  4KB
- MD5
  
  eebda1fdd970433750c115eae2f03865
- SHA1
  
  3f1a1cddb99dead013eac825eb418241656d4bf0
- SHA256
  
  ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7
- SHA512
  
  8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb
- SSDEEP
  
  96:HDGAW6FJJJkCO8evcIWtdrvrg+1/sLMiWAOKjLobLMzD:BWCDqC20IWtZD92pzOKvomD
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.js
- Size
  
  2.1MB
- MD5
  
  2dc0068cdbc03ce43a75ab0b2df664e2
- SHA1
  
  817a209e179466dc8a14e05eb11a6c1b7e3d71eb
- SHA256
  
  b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff
- SHA512
  
  1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d
- SSDEEP
  
  24576:jFFExk98EXl2uRJxjP3Ddv6QLtQ2MbRpn:Yxk98EXl2ixjP3Ddv6QLtdMf
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.nls.de.js
- Size
  
  46KB
- MD5
  
  d1fd2fb756c73970b9c5e0ba07bff708
- SHA1
  
  470057b3244886dccc9f6074297cc8bc2a9c1b39
- SHA256
  
  cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828
- SHA512
  
  db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf
- SSDEEP
  
  768:ocuLC1xYdRB1a3Xq1GdigBoQqAaI/QQUEYPxFpXT1kF7bJZYmz7lehjDWMQRBk3Z:oclxgVuXq1GdiRQqAaI/QvEYPxFpDkbg
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.nls.es.js
- Size
  
  46KB
- MD5
  
  36f546b28ca17ece9f8eb9bcf8344e13
- SHA1
  
  d43934b9041587799e332b2f568aa81666227258
- SHA256
  
  327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654
- SHA512
  
  13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d
- SSDEEP
  
  768:oX8nKFyVgAYwTQG8zHqIkGMvnmvoKA9OfxjB3EVuU13pjbazPn0ANy7+IkLDKPp9:oMKFyVRcdzHqIkGMvnmvoKA9OfxjB3E5
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.nls.fr.js
- Size
  
  49KB
- MD5
  
  1a29080733878dd44e0c118e84cd0c39
- SHA1
  
  60c158e23962b11918f6cae26445fad5b63bc65a
- SHA256
  
  6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8
- SHA512
  
  5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60
- SSDEEP
  
  768:op8flgb2uZ5CcXQ6Q3edz3uzATaY3l0y+wj90TWIvkU5BkREPTtOjNjZocYV3A4k:owliv5Ccg67SATaYVKPkRskjNGBAa3k
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.nls.it.js
- Size
  
  48KB
- MD5
  
  18e88f58301ad5ae926204507ab99c6b
- SHA1
  
  8eb03235312e88b941f3be212c0efa12b24e6d5f
- SHA256
  
  4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c
- SHA512
  
  f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013
- SSDEEP
  
  768:opTEy7izsuMa01VaiYR2L8XoXNj8YtvnYbP4ymMb3d/gyKJdnPTrysribj5K3m05:of7fQ2qd4yq2FA1J1qn4VN7CgL
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Xeno-v1.0.9-x64-New/bin/Monaco/vs/editor/editor.main.nls.ja.js
- Size
  
  52KB
- MD5
  
  3bf851cc70f515cbbe1d39da93e4f041
- SHA1
  
  88fe6323bbe14b55b6eec078574318e8474be613
- SHA256
  
  1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f
- SHA512
  
  61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d
- SSDEEP
  
  384:hyd/PwPtm+04LZ+FFHr0ZA9qOSTvvIEveG1vz14NdahWMpA1Uj4vHbX3IPDScLBV:olP4LsIOCaT3lJr/Tvk6892vU1ssD
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32