General

Target: 3106e90067456404a9f3e768ce3b60de6ae91fa2be664255ad6fe86c3f87e67d.doc
Size: 195KB
Sample: 241211-ctx7kawkhm
MD5: 13326ed69d36aaa385c5eba9fa6e5cc2
SHA1: 66946fa69204b91787c7eabb91c1fd8452b1cc24
SHA256: 3106e90067456404a9f3e768ce3b60de6ae91fa2be664255ad6fe86c3f87e67d
SHA512: 39e5df1db48b1afe1c2bf7f2b8ccfca38b0fd4c49dd04884299fcc8adc633e6171a8756bf9eca65ac37b59ce6ef4a3fb3c761848a94c04d9afe725a53d008edd
SSDEEP: 3072:j877VGZ5Sd3b4e0wNZtsqXNKd5AvDJW4S+I/tZ6X1bpF6mIJ88:6GZYwAZHMCDJ8/u5pAmIe8
Behavioral task

behavioral1
Sample: 3106e90067456404a9f3e768ce3b60de6ae91fa2be664255ad6fe86c3f87e67d.doc
Resource: win7-20241010-en
Malware Config

Extracted

Family: xenorat
C2: dns.stipamana.com
Mutex: Xeno_rat_nd8912d
delay: 12000
install_path: appdata
port: 4567
startup_name: mrec
Targets

Target: 3106e90067456404a9f3e768ce3b60de6ae91fa2be664255ad6fe86c3f87e67d.doc (195KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Detect XenoRat Payload
- Xenorat family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext