General
Target: f.exe
Size: 45KB
Sample: 250310-mx6cfsstbv
MD5: ee4c9d122b27e42c325358e85cd8e7f4
SHA1: 52ac4bf7bf1402427b63e43254e6077ad2e958cd
SHA256: 83a8c278ff9caa4ba6ef571d0e06fc85c414e082085bc6d078f5f5ba606305da
SHA512: 593ee01ab2335ba70d0faa36857b10bda93c2b40d9b87c7919df183295eb983e77c35e48ce95e0610e944bda59c2f0d20320710eb5dfa3171380c5e422e23ca0
SSDEEP: 768:1dhO/poiiUcjlJInsVH9Xqk5nWEZ5SbTDa01uI7CPW5WZ:Lw+jjgn8H9XqcnW85SbTbuIe
Behavioral task
behavioral1
Sample: f.exe
Resource: win7-20240903-en
Malware Config
Extracted
xenorat
10.10.1.250
High Definition Audio
delay: 5000
install_path: appdata
port: 4782
startup_name: High Definition Audio
Targets
Target: f.exe
Detect XenoRat Payload
Xenorat family
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL