Behavioral task: behavioral1
Sample: 7cc5e330c3c53f76341b2901bb1f48a32a0d0b4a897d1bc33925270696f40bce.exe
Resource: win7-20240903-en
General
Target: 6fb46f2f43c2cca4250c3acf5254b827.bin
Size: 93KB
MD5: af939035da87da0e8dce80749ba5b5d9
SHA1: f129a9c87d577b8a723aed9dc421e7638633fc85
SHA256: 21994fbd025b35fb8de6341fbc36eb397b96d3a5e179c62f286f17f1ce2c97f6
SHA512: 5e2a8ade91c58202ad0fa4e9fbafd7f3ec5baa33c949921278e8b6f45474d23016a66d4d4bfc698ca579a332b292634e0a5ec7e8784b5102b860a7f97b58184f
SSDEEP: 1536:E/nMq43Lykf1dqK2nLRSS0YYQBm+N5V18YMFuoPLjCV4U9MWG7+S2zJsZXPWFeC9:E/Mq4+UrNUR7jX4+jV1sLjCV/947+S4H
Malware Config
Extracted: xenorat
64.52.80.67
Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 4444
startup_name: SnapHack
Signatures
Detect XenoRat Payload (1 IoCs)
resource: yara_rule static1/unpack001/7cc5e330c3c53f76341b2901bb1f48a32a0d0b4a897d1bc33925270696f40bce.exe family_xenorat
Xenorat family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: unpack001/7cc5e330c3c53f76341b2901bb1f48a32a0d0b4a897d1bc33925270696f40bce.exe
Files
6fb46f2f43c2cca4250c3acf5254b827.bin.zip (Password: infected)
7cc5e330c3c53f76341b2901bb1f48a32a0d0b4a897d1bc33925270696f40bce.exe.exe windows:4 windows x86 arch:x86 (Password: infected)
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree: _CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ