General
-
Target
1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6N.exe
-
Size
45KB
-
Sample
241220-e1rdpszqer
-
MD5
436c1c95e3de4456f90d2028d3297cc0
-
SHA1
4e9c7ea2e8ed20c4f26fc5e42824fb0ea5e34361
-
SHA256
1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6
-
SHA512
19e8f2c15a31b8e92eb574dbaf158f697f3999b85349de7f646978bd49d5d8a53507e53cfd063fcd57ff4a7cdd543e0008ad49b681d1c1c7ecfe2ee75d883047
-
SSDEEP
768:hdhO/poiiUcjlJInE0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgntH9XqcnW85SbTAuIB
Behavioral task
behavioral1
Sample
1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6N.exe
Resource
win7-20240903-en
Malware Config
Extracted
xenorat
127.0.0.1
Xeno_rat_nd8912d
-
delay
5000
-
install_path
temp
-
port
4444
-
startup_name
Spotify
Targets
-
-
Target
1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6N.exe
-
Size
45KB
-
MD5
436c1c95e3de4456f90d2028d3297cc0
-
SHA1
4e9c7ea2e8ed20c4f26fc5e42824fb0ea5e34361
-
SHA256
1176f6decd2a42d847b2ae44209266907b6f3a0b7c7beb3de99a8e351a5874f6
-
SHA512
19e8f2c15a31b8e92eb574dbaf158f697f3999b85349de7f646978bd49d5d8a53507e53cfd063fcd57ff4a7cdd543e0008ad49b681d1c1c7ecfe2ee75d883047
-
SSDEEP
768:hdhO/poiiUcjlJInE0H9Xqk5nWEZ5SbTDaVuI7CPW55:fw+jjgntH9XqcnW85SbTAuIB
-
Detect XenoRat Payload
-
Xenorat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-