General

  • Target

    AIMxBeta1.6HOTFIXv1.exe

  • Size

    228KB

  • MD5

    c8b98c0bd31bb2c4ea106b805c9956b8

  • SHA1

    946228438f142b5cbe2264ad6863590ceb6900c6

  • SHA256

    6db0f6fdbb853cd038a40fa5e1cdcf4d20385cd65c307e201a479c6108f7c7b3

  • SHA512

    66cfbd49b2f55c4f9ba324853feb55a98e6d0ee9b3365b0074b919125c745d0d7bd2702e3b131a11e5dd49155cf3239513f417fcd52406be2ebcf301979c7b3e

  • SSDEEP

    3072:yw+jqz91UbTrIFzwPuP/TkUTxQweW825k0yhOqxrZ25K545Ct2Q:PW291UbQwqzT29hOqxrZs6mI

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

192.168.10.100

Mutex

AIMx_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4748

  • startup_name

    Windows Security Host

Signatures

  • Detect XenoRat Payload 1 IoCs
  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • AIMxBeta1.6HOTFIXv1.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
