General
-
Target
dasdwasd.exe
-
Size
45KB
-
Sample
241219-tpmzgavpct
-
MD5
7c0981b33bb05e403e6dafbfb15f245e
-
SHA1
0d85fd3a8c5de8bce1e9e5595d2882491cab3e51
-
SHA256
d54bd79976a9cfef49e8ae530437fd657e3c2125623b8c26049f95a77da9b0ea
-
SHA512
bb57ef8f6489b4fe0c2f8f02d2fde38c5398c80296af53c2c34909e02a5a0e042dcd22d0a08c36b40c4e5816cb5334b55e802e67a8cb699df25a183b435dd96a
-
SSDEEP
768:xdhO/poiiUcjlJInlzH9Xqk5nWEZ5SbTDaYWI7CPW5V:vw+jjgndH9XqcnW85SbTZWId
Behavioral task
behavioral1
Sample
dasdwasd.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
dasdwasd.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
dasdwasd.exe
Resource
android-x64-20240624-en
Malware Config
Extracted
xenorat
192.168.1.129
MERRYCHEESEMAS
-
delay
5000
-
install_path
appdata
-
port
8888
-
startup_name
Windows
Targets
-
-
Target
dasdwasd.exe
-
Size
45KB
-
MD5
7c0981b33bb05e403e6dafbfb15f245e
-
SHA1
0d85fd3a8c5de8bce1e9e5595d2882491cab3e51
-
SHA256
d54bd79976a9cfef49e8ae530437fd657e3c2125623b8c26049f95a77da9b0ea
-
SHA512
bb57ef8f6489b4fe0c2f8f02d2fde38c5398c80296af53c2c34909e02a5a0e042dcd22d0a08c36b40c4e5816cb5334b55e802e67a8cb699df25a183b435dd96a
-
SSDEEP
768:xdhO/poiiUcjlJInlzH9Xqk5nWEZ5SbTDaYWI7CPW5V:vw+jjgndH9XqcnW85SbTZWId
-
Detect XenoRat Payload
-
Xenorat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-