General
Target: e58385d0d9d312cedbf8950d430c0948307184a839454bd86d5ffeadcf3a9ebf.exe
Size: 47KB
Sample: 250307-jtbrwsxk16
MD5: 7f9d2a897d4ce0a5a7bf0ed18c21455d
SHA1: f3360c62328f120b234874223b5db75ec48812d1
SHA256: e58385d0d9d312cedbf8950d430c0948307184a839454bd86d5ffeadcf3a9ebf
SHA512: d8399616d965006f83069e9058ef611cb2027fdc6a19f0ab72c541e1738e84233a9fd69a82123d21a9469a4b39cecab26593c31eedd2288fb3803bdabf29d8cb
SSDEEP: 768:sdhM/poiiUcjlJInvhYf9Xqk5nWEZ5SbTDa/vI7CPW5XYc:m2+jjgnvaf9XqcnW85SbTuvIgc
Behavioral task: behavioral1
Sample: e58385d0d9d312cedbf8950d430c0948307184a839454bd86d5ffeadcf3a9ebf.exe
Resource: win7-20240903-en
Malware Config
Extracted: xenorat
geikus.myaddr.io
Xeno_Rat_d7515nd
delay: 5000
install_path: appdata
port: 5555
startup_name: onex187
Targets
Target: e58385d0d9d312cedbf8950d430c0948307184a839454bd86d5ffeadcf3a9ebf.exe
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL