General
-
Target
544f68f90157e53fb81a864b1aa1b30a91a7e297062cc33b9194d2d83ab124e7.exe
-
Size
46KB
-
MD5
9ce983782ef6449547057837fbf28149
-
SHA1
95efe91de8f9e7ddb866efc015906a1f498f8c53
-
SHA256
544f68f90157e53fb81a864b1aa1b30a91a7e297062cc33b9194d2d83ab124e7
-
SHA512
6ffd8563bc5ce87882fc835d2c753c673b4f178deb8815ec32f168c8d6344f4457d8d09aba41b1d2ddfc204257f5c29359a79525726490183bfd50cc435e84e8
-
SSDEEP
768:PdhO/poiiUcjlJInbTH9Xqk5nWEZ5SbTDaNuI7CPW5A:Fw+jjgnnH9XqcnW85SbTIuIY
Score
10/10
Malware Config
Extracted
Family
xenorat
C2
roblox.airdns.org
Mutex
Microsoft_nd8912d
Attributes
-
delay
5000
-
install_path
appdata
-
port
62604
-
startup_name
Runtime Broker.
Signatures
-
Detect XenoRat Payload 1 IoCs
-
Xenorat family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
544f68f90157e53fb81a864b1aa1b30a91a7e297062cc33b9194d2d83ab124e7.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections