General

Target: SKIBI TOLIET.exe
Size: 45KB
Sample: 250308-sryy3syybz
MD5: 7190e8a17d3b610dd954e3bc85a76fae
SHA1: 10683424e5bc52979d562aafe6e00953deaca45e
SHA256: 2f3845685a5f0fbff420a7cf627f4172393012bdf8815e72c6975534d9bd718e
SHA512: 5899f443cfd02d689f13043e7fd868e9486fd7b50f9d0514e917551d47c8e9897ec0b7c2d6c36532c6dffc94381c524ac6087c859780beca5aebdadb13b08d16
SSDEEP: 768:VdhO/poiiUcjlJInSjsZ8H9Xqk5nWEZ5SbTDaFuI7CPW5E:rw+jjgnIsZ8H9XqcnW85SbTouIc
Behavioral task: behavioral1
Sample: SKIBI TOLIET.exe
Resource (sandbox image): win10v2004-20250217-en

Malware Config

Extracted family: xenorat
C2 host: found-politicians.gl.at.ply.gg
Mutex (the report leaves this string unlabelled; it matches the default XenoRat mutex string): Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 47806
startup_name: Sinkerboi

The C2 hostname is under ply.gg, the domain used by the playit.gg tunnelling service, so the address is a tunnel relay in front of the operator's real listener rather than infrastructure the operator owns; blocking or pivoting on it should account for the relay being shared and short-lived. install_path "appdata" means the sample copies itself under the user's AppData directory, and startup_name is the name given to the persistence entry, which is consistent with the "Executes dropped EXE" signature below.
Targets

Target: SKIBI TOLIET.exe (45KB; the same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures

- Detect XenoRat payload
- XenoRat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence. The run above used an English Windows 10 image (win10v2004-20250217-en); a sample that refuses to run in particular regions can behave differently on a host with another locale, so the absence of further activity in one sandbox run is not proof the payload is inert.
- Executes dropped EXE
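The following is an added example, not part of the sandbox report or of any XenoRat tooling. It turns the indicators the report extracted (file hashes, C2 host and port, install_path, startup_name) into detection rules and runs them over a handful of constructed Sysmon-style events that follow the chain the signatures describe (initial run, copy to AppData, execution of the dropped copy, Run-key persistence, C2 connection). Two assumptions are made and labelled in the code: that install_path "appdata" surfaces as the user's Roaming AppData directory, and that startup_name is used both as the dropped file name and as the Run-key value name. The events are hand-written for the example, not captured telemetry.

```python
"""Map the extracted XenoRat config to host-level detections (added example)."""
import re
from dataclasses import dataclass

# Indicators copied from the report above.
IOC = {
    "md5": "7190e8a17d3b610dd954e3bc85a76fae",
    "sha256": "2f3845685a5f0fbff420a7cf627f4172393012bdf8815e72c6975534d9bd718e",
    "c2_host": "found-politicians.gl.at.ply.gg",
    "c2_port": 47806,
    "startup_name": "Sinkerboi",
}

# Assumptions: install_path "appdata" means %APPDATA% (Roaming), and
# startup_name is both the dropped file name and the Run-key value name.
APPDATA_RE = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run\\" + re.escape(IOC["startup_name"]) + r"$",
    re.IGNORECASE,
)
DROPPED_EXE = IOC["startup_name"].lower() + ".exe"


@dataclass(frozen=True)
class Hit:
    event_id: int
    rule: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def match_event(ev: dict) -> list[Hit]:
    """Return every rule one Sysmon-style event matches; one event may hit several."""
    hits: list[Hit] = []
    eid = ev["EventID"]
    if eid == 1:  # process creation
        hashes = ev.get("Hashes", "").lower()
        if IOC["md5"] in hashes or IOC["sha256"] in hashes:
            hits.append(Hit(eid, "known_hash", ev["Image"]))
        if APPDATA_RE.search(ev["Image"]) and _basename(ev["Image"]) == DROPPED_EXE:
            hits.append(Hit(eid, "dropped_exe_executed", ev["Image"]))
    elif eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower()
        port = ev.get("DestinationPort")
        if host == IOC["c2_host"]:
            hits.append(Hit(eid, "c2_host", f"{host}:{port}"))
        elif port == IOC["c2_port"]:
            # Port alone is weak evidence (tunnel relays hand out arbitrary ports).
            hits.append(Hit(eid, "c2_port_only", f"{host}:{port}"))
    elif eid == 11:  # file creation
        target = ev["TargetFilename"]
        if APPDATA_RE.search(target) and _basename(target) == DROPPED_EXE:
            hits.append(Hit(eid, "dropped_exe_written", target))
    elif eid == 13:  # registry value set
        if RUN_KEY_RE.search(ev["TargetObject"]):
            hits.append(Hit(eid, "run_key_persistence", ev["TargetObject"]))
    return hits


def scan(events: list[dict]) -> list[Hit]:
    return [h for ev in events for h in match_event(ev)]


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Hits per rule, which is the first thing an analyst wants to read."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.rule] = counts.get(h.rule, 0) + 1
    return counts


# Constructed events (not real telemetry). The last one is benign noise.
_HASHES = ("MD5=7190E8A17D3B610DD954E3BC85A76FAE,"
           "SHA256=2F3845685A5F0FBFF420A7CF627F4172393012BDF8815E72C6975534D9BD718E")
_DROPPED = r"C:\Users\victim\AppData\Roaming\Sinkerboi.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\SKIBI TOLIET.exe", "Hashes": _HASHES},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\SKIBI TOLIET.exe", "TargetFilename": _DROPPED},
    {"EventID": 1, "Image": _DROPPED, "Hashes": _HASHES},
    {"EventID": 13, "Image": _DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Sinkerboi",
     "Details": _DROPPED},
    {"EventID": 3, "Image": _DROPPED,
     "DestinationHostname": "found-politicians.gl.at.ply.gg", "DestinationPort": 47806},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"EID {h.event_id:>2}  {h.rule:<22} {h.detail}")
    print(summarize(scan(SAMPLE_EVENTS)))
```

The hash rule only catches this exact build; the AppData path, Run-key name and C2 host rules survive a rebuild with a different binary but the same config, which is why they are kept separate and reported per rule rather than collapsed into a single verdict.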