General
- Target: e629bbd6a5b5c253f38cea38d156d81e0f0e391b7e7618ff275e31fa0d3a34c6
- Size: 35KB
- Sample: 241207-13tgqssjal
- MD5: df7222411a3a5c18e0d8fb28befb5ed7
- SHA1: 3680092dcd1918b0f0d11c9d2500db6c161956cb
- SHA256: e629bbd6a5b5c253f38cea38d156d81e0f0e391b7e7618ff275e31fa0d3a34c6
- SHA512: 794d3f34297d17cc9d078a70489705b45f4b885619879ef2cba4d04498ba198680013a742b9d691b88307f24eb61a065fce4827cf138f2ef7504724cd4dc4cc7
- SSDEEP: 384:wopiSY5UPeL/kyht18/HsowbyD5yQjc60jlj9yD5yQjsyp/d7ryYx:F7C7+BfM4Br
Behavioral task
- behavioral1
  - Sample: e629bbd6a5b5c253f38cea38d156d81e0f0e391b7e7618ff275e31fa0d3a34c6.doc
  - Resource: win7-20240729-en
Malware Config
- Extracted: xenorat
  - dns.stipamana.com
  - Xeno_rat_nd8912d
  - delay: 12000
  - install_path: appdata
  - port: 4567
  - startup_name: mrec
Targets
- Target: e629bbd6a5b5c253f38cea38d156d81e0f0e391b7e7618ff275e31fa0d3a34c6
  - Size: 35KB
  - MD5: df7222411a3a5c18e0d8fb28befb5ed7
  - SHA1: 3680092dcd1918b0f0d11c9d2500db6c161956cb
  - SHA256: e629bbd6a5b5c253f38cea38d156d81e0f0e391b7e7618ff275e31fa0d3a34c6
  - SHA512: 794d3f34297d17cc9d078a70489705b45f4b885619879ef2cba4d04498ba198680013a742b9d691b88307f24eb61a065fce4827cf138f2ef7504724cd4dc4cc7
  - SSDEEP: 384:wopiSY5UPeL/kyht18/HsowbyD5yQjc60jlj9yD5yQjsyp/d7ryYx:F7C7+BfM4Br
  - Detect XenoRat Payload
  - Xenorat family
  - Downloads MZ/PE file
  - Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext