General
- Target: FlameWoo2K_0.0.8.exe
- Size: 45.7MB
- Sample: 250326-2mse6swpt2
- MD5: 348628e2646afa52e420ddd80f0dc496
- SHA1: 1d6e6dd8200019fa561e0a1092992d0b156f0528
- SHA256: 56b9c25f3bc2a415ddf03543466767e17a17df3e2bd9d1140e7fc2d4eb994bc9
- SHA512: 90a73b4cf8cd5fa570df3236f746ccf5abfbf6df6ac710f076e680736ff4425399c2df3f11a6b75be621d6499d42da3c8344ef0bf995930d5e53b6eb6c5dafc4
- SSDEEP: 786432:TfwRVLtfvbC9Dghk+qi3Qt4xZZcIQ4QPM25sysvE5pLfDosJpMmMV+c9kTzn/NOP:rwRVRLC9DghLqdt4xQ4QPMftwLfcgpDI
Static task: static1
Behavioral task: behavioral1
- Sample: FlameWoo2K_0.0.8.exe
- Resource: win11-20250314-en
Malware Config
Extracted: xenorat
- localhost
- testing 123123
- delay: 1000
- install_path: nothingset
- port: 1234
- startup_name: nothingset
Targets
- Target: FlameWoo2K_0.0.8.exe
- Size: 45.7MB
Score: 10/10
- Detect XenoRat Payload
- Xenorat family
- Checks whether UAC is enabled
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger