General
-
Target
12ac061f02656d9e3d3cfbdd429a6bcf.bin
-
Size
20KB
-
MD5
6ea70f3844a533b1cadd5cb4d53f2b43
-
SHA1
6ce29b7bbe29348ce44c9c8495b7483accb1a915
-
SHA256
3f403b5af43cc9437a2e44f42de9274f543f2e2ef7057cf2c1d1ec58129c486c
-
SHA512
7d9115a9c47dbd9d9934f9edea7b301bf80a1abfbdc5ee8c651bc526b4b4a03b64141a05976f6e34bc74ba46bafae430fb7015547fc7887091eea914ae9ba3f2
-
SSDEEP
384:KZr71FDNEV4sJdeOh3StCaw29N000XcuKrzrKOIg42qNbNQ4ifFASDLFZMWfGcHE:KZrTDi6sJ8Ohy2Ki0//rzrShNbNbif1A
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
194.59.30.69
Mutex
Xeno_rat_nd8912d
Attributes
-
delay
5000
-
install_path
nothingset
-
port
16589
-
startup_name
nothingset
Signatures
-
Detect XenoRat Payload 1 IoCs
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
12ac061f02656d9e3d3cfbdd429a6bcf.bin
Password: infected
-
b1593574e46fb1f30b1da4fa594f43bb52b051a616db390abf23ef45508f8b13.exe
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections