General
Target: Bob Xeno Client.exe
Size: 46KB
Sample: 250308-yz12assjt9
MD5: 2a7dfd47f45c9a8d291c27449677a409
SHA1: 04791fc97f6b0edd17f486110c09c7fe2db3b5c0
SHA256: 8e9ff300c349a60640c091c0c4ee0bc40bdb1338708c55d4e73c46354aac831a
SHA512: 0d9f43dcff9f750867e829a1d28e1c120859d5bf6855c0698f36adce94375b1523e604fdca5b968e7b8d683781219c54f56451a00512d38467220457d07c7feb
SSDEEP: 768:PdhO/poiiUcjlJInVTH9Xqk5nWEZ5SbTDafuI7CPW5E:Fw+jjgnNH9XqcnW85SbT6uIM
Behavioral task: behavioral1
Sample: Bob Xeno Client.exe
Resource: win7-20240903-en
Malware Config
Extracted: xenorat
if-eventually.gl.at.ply.gg
silly_goober
install_path: temp
port: 17094
startup_name: Runtime Broker
Targets
Target: Bob Xeno Client.exe
Detect XenoRat Payload
Xenorat family
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL