69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Xeno-v1.1.35-x64.zip

windows7-x64

8

Resubmissions

24-01-2025 18:53

250124-xjqd7atrcr 8

24-01-2025 18:37

250124-w9e6gasjcv 8

24-01-2025 18:35

250124-w8hvzatlbm 3

24-01-2025 18:21

250124-wzj2ns1nbs 7

24-01-2025 18:11

250124-wsl8fs1kex 8

24-01-2025 18:05

250124-wpbmjsslgl 7

24-01-2025 17:27

250124-v1e9fa1kbr 8

Sharing

General

Target

Xeno-v1.1.35-x64.zip
Size

4.5MB
Sample

250124-wsl8fs1kex
MD5

5f7548663f208cb2fdd2350b916719a4
SHA1

689f5e7275b316892c88438d3bcb1ed2bf643697
SHA256

69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f
SHA512

4ea59a095cdb5ddc1aba1a4a46b717799012cafdeca795e84bee6c5f5892300c82e7199d1e3f70503d87f6fa4e8382137d0ffb738776785fc2e71d2037a4b961
SSDEEP

98304:OmD6OMyjrm+twdjTmDh/BRFQNM74slPUDtgoCrEhxGMZLvrylQQOJgq:JDUyP9tWjTml/3bZUpn7GMZbOe7Jgq

Score

8^/10

defense_evasion discovery persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Xeno-v1.1.35-x64.zip

Resource

win7-20241010-en

defense_evasion discovery persistence

windows7-x64

29 signatures

900 seconds

Malware Config

Targets

- Target
  
  Xeno-v1.1.35-x64.zip
- Size
  
  4.5MB
- MD5
  
  5f7548663f208cb2fdd2350b916719a4
- SHA1
  
  689f5e7275b316892c88438d3bcb1ed2bf643697
- SHA256
  
  69e43fe7ea3817134874b2da967ff6d590b0513e125580179c0410df9cfef39f
- SHA512
  
  4ea59a095cdb5ddc1aba1a4a46b717799012cafdeca795e84bee6c5f5892300c82e7199d1e3f70503d87f6fa4e8382137d0ffb738776785fc2e71d2037a4b961
- SSDEEP
  
  98304:OmD6OMyjrm+twdjTmDh/BRFQNM74slPUDtgoCrEhxGMZLvrylQQOJgq:JDUyP9tWjTml/3bZUpn7GMZbOe7Jgq
Score

8^/10

defense_evasion discovery persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

© 2018-2025

Terms | Privacy