General
Target: 1n.exe
Size: 45KB
Sample: 250310-3egjdasyet
MD5: 3db088b8c8b9748d2be4f6cf43c51ff2
SHA1: af920d280aa927072c9df457a7c6adac1a76b17c
SHA256: 52c7adefae6b848e0c83fadf001b9545f77b767922f5b8031f2ba981fb624281
SHA512: 2bbbe7e57bcd5ab74ad5426f2e70e54da9a72cceca1a8c768dac6485d9892460dc16ad1b7847c33b8c52576c2131089e90266e1eeeac308a34d6e4b065d6d198
SSDEEP: 768:hdhO/poiiUcjlJIn+0H9Xqk5nWEZ5SbTDahuI7CPW55:fw+jjgnjH9XqcnW85SbTEuIB
Behavioral task
behavioral1
Sample: 1n.exe
Resource: win7-20240729-en
Malware Config
Extracted
xenorat
127.0.0.1
Xeno_rat_nd8912d
delay: 5000
install_path: appdata
port: 4444
startup_name: nego
Targets
Detect XenoRat Payload
Xenorat family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL