General

  • Target

    6fb46f2f43c2cca4250c3acf5254b827.bin

  • Size

    93KB

  • MD5

    af939035da87da0e8dce80749ba5b5d9

  • SHA1

    f129a9c87d577b8a723aed9dc421e7638633fc85

  • SHA256

    21994fbd025b35fb8de6341fbc36eb397b96d3a5e179c62f286f17f1ce2c97f6

  • SHA512

    5e2a8ade91c58202ad0fa4e9fbafd7f3ec5baa33c949921278e8b6f45474d23016a66d4d4bfc698ca579a332b292634e0a5ec7e8784b5102b860a7f97b58184f

  • SSDEEP

    1536:E/nMq43Lykf1dqK2nLRSS0YYQBm+N5V18YMFuoPLjCV4U9MWG7+S2zJsZXPWFeC9:E/Mq4+UrNUR7jX4+jV1sLjCV/947+S4H

Score
10/10

Malware Config

Extracted

Family

xenorat

C2

64.52.80.67

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4444

  • startup_name

    SnapHack

Signatures

  • Detect XenoRat Payload 1 IoCs
  • Xenorat family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6fb46f2f43c2cca4250c3acf5254b827.bin
    .zip

    Password: infected

  • 7cc5e330c3c53f76341b2901bb1f48a32a0d0b4a897d1bc33925270696f40bce.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections