General

Target: xeno.exe
Size: 45KB
Sample: 250308-nz6xfawqs9
MD5: 012e5dc5358be0ea18a36dce1db9ffb8
SHA1: ab21543545289caeab4c7ccf913128b762008814
SHA256: b5fd8b5a52e098b006d80e2355bc69bab4ec2e6f1822951fbc19efe9f03fb2f2
SHA512: 2ba96d2b90e690988bfc7af424cd87f4fa6ea76b8acdd2d8e55f0e16939e7d579d0b8f68391871495ea4483235cd60f9957729855aaf255c3b503961c42cc7d3
SSDEEP: 768:hdhO/poiiUcjlJInEQH9Xqk5nWEZ5SbTDa+WI7CPW5D:fw+jjgndH9XqcnW85SbT3WIr
Malware Config

Extracted: xenorat
91.51.36.43
25682-25636-235364376-254262
delay: 5000
install_path: appdata
port: 4847
startup_name: RuntimeBroker
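The extracted config gives a hunter three things to look for on an endpoint: the sample's own hash, a process named RuntimeBroker (the startup_name) running from an AppData install path rather than from C:\Windows\System32 where the legitimate RuntimeBroker.exe lives, and outbound connections to the configured host and port. The script below is an added example, not part of the sandbox report and not XenoRAT's code. It assumes the unlabelled address 91.51.36.43 is the C2 host and 4847 its port, and it runs over a constructed JSON-lines telemetry stream whose field names (event, image, parent_image, sha256, dest_ip, dest_port) are illustrative, not any real EDR schema.

```python
"""Hunt for the XenoRAT indicators from the extracted config above.

Added example; the log format and field names are assumptions made for
illustration, and the C2 host/port pairing is inferred from the config.
"""
import json
from dataclasses import dataclass

# Indicators taken from the report
SAMPLE_SHA256 = "b5fd8b5a52e098b006d80e2355bc69bab4ec2e6f1822951fbc19efe9f03fb2f2"
C2_HOST = "91.51.36.43"          # assumption: the unlabelled address is the C2 host
C2_PORT = 4847                   # 'port' field of the extracted config
STARTUP_NAME = "RuntimeBroker"   # 'startup_name' field; the real binary lives in System32

# The only directory a genuine RuntimeBroker.exe should run from
LEGIT_DIRS = ("c:\\windows\\system32\\",)


@dataclass(frozen=True)
class Hit:
    rule: str
    line_no: int
    detail: str


def _norm(path: str) -> str:
    """Normalise a Windows path for case-insensitive comparison."""
    return path.replace("/", "\\").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("\\", 1)[-1]


def check_event(ev: dict, line_no: int) -> list[Hit]:
    """Apply the three indicator rules to one parsed event."""
    hits: list[Hit] = []

    # Rule 1: exact hash match against the analysed sample
    if ev.get("sha256", "").lower() == SAMPLE_SHA256:
        hits.append(Hit("known_sample_hash", line_no, ev.get("image", "")))

    # Rule 2: a RuntimeBroker.exe that is not the System32 one (config: appdata install)
    img = ev.get("image", "")
    if img and _basename(img) == f"{STARTUP_NAME.lower()}.exe" \
            and not _norm(img).startswith(LEGIT_DIRS):
        hits.append(Hit("runtimebroker_outside_system32", line_no, img))

    # Rule 3: outbound connection to the configured C2 host and port
    if ev.get("event") == "network_connect" \
            and ev.get("dest_ip") == C2_HOST \
            and int(ev.get("dest_port", 0)) == C2_PORT:
        hits.append(Hit("xenorat_c2_connect", line_no, f"{C2_HOST}:{C2_PORT}"))

    return hits


def scan(lines: list[str]) -> list[Hit]:
    """Scan JSON-lines telemetry, skipping blank or malformed lines."""
    hits: list[Hit] = []
    for n, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # one bad line should not abort the hunt
        hits.extend(check_event(ev, n))
    return hits


# Constructed sample telemetry (not real logs): the dropper, a benign
# RuntimeBroker, the AppData copy, its C2 beacon, and unrelated browser traffic.
SAMPLE_LOG = [
    json.dumps({"event": "process_create", "image": "C:\\Users\\bob\\Downloads\\xeno.exe",
                "sha256": SAMPLE_SHA256}),
    json.dumps({"event": "process_create", "image": "C:\\Windows\\System32\\RuntimeBroker.exe",
                "parent_image": "C:\\Windows\\System32\\svchost.exe"}),
    json.dumps({"event": "process_create", "image": "C:\\Users\\bob\\AppData\\Roaming\\RuntimeBroker.exe",
                "parent_image": "C:\\Users\\bob\\Downloads\\xeno.exe"}),
    json.dumps({"event": "network_connect", "image": "C:\\Users\\bob\\AppData\\Roaming\\RuntimeBroker.exe",
                "dest_ip": "91.51.36.43", "dest_port": 4847}),
    json.dumps({"event": "network_connect", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                "dest_ip": "93.184.216.34", "dest_port": 443}),
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.rule} -> {h.detail}")
```

Rule 2 is the one worth keeping after this sample is gone: the config's startup_name copies a legitimate Windows process name, so the useful signal is the name appearing outside System32, not the name itself. The hash and the C2 address are specific to this build and will rotate.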
Targets

Target: xeno.exe
Size: 45KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.
- Detect XenoRat Payload
- Xenorat family
- Executes dropped EXE