General
Target: New exploit technology.exe
Size: 45KB
Sample: 250308-tntqmazkz7
MD5: ef6583b19186971376c393bed6c083c1
SHA1: 9e74fd5d2a8d8c6087d26220ff69b3a423b08d00
SHA256: 79d2d83067c74a455237011d506c89be3dcc502946c6f7a6125da1fa7c9e2146
SHA512: 4bb6d178ee6ee8386abf2964cef45b0ba79d4532b50828b8588e2164cf1ab2ea9bffaab0dc5b6b09d442b484251ea85fef322824042f1bdbc9b0ac42fe0beae7
SSDEEP: 768:JdhO/poiiUcjlJInvTH9Xqk5nWEZ5SbTDanuI7CPW54:Hw+jjgnbH9XqcnW85SbTyuIQ
Malware Config
Extracted
xenorat
pdf-switched.gl.at.ply.gg
Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 48925
startup_name: Exploits
Targets
Target: New exploit technology.exe
Size: 45KB
Detect XenoRat Payload
Xenorat family
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE