General
Target: ruleaza.exe
Size: 60KB
Sample: 241215-p8zedsvkhx
MD5: bc8dd3bc1e1c0dc28e40898a6cb1e8d4
SHA1: 873efbf4b0461a252eb88b61113511211cfe4b4c
SHA256: 4154a155effa00a21a92bc505e79d666227a04a572dcd3f0a1c09ad99d9bb1ed
SHA512: f61e8c0dbce599e5af66403a249269b27a950263aa22059962bedd171eb199540f5e72258b29bf150dbf0a5ec54b2db3c86a670d367658fde2874c141cf638b4
SSDEEP: 768:pdhO/poiiUcjlJInLVH9Xqk5nWEZ5SbTDaLuI7CPW5WdxelsWNRPZ:nw+jjgnxH9XqcnW85SbTGuIZtNRZ

Behavioral task: behavioral1
Sample: ruleaza.exe
Resource: win7-20240903-en

Malware Config
Extracted: xenorat
127.0.0.1
Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 4782
startup_name: niggas

Targets
Target: ruleaza.exe
Size: 60KB
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL