General
-
Target
sigmacode.bat
-
Size
241KB
-
Sample
250327-gek1xaxyg1
-
MD5
dc465799cbb5221f848c11da15faff51
-
SHA1
158d6b4d23f4e8bb0ba1eb96c0f9e665285faba6
-
SHA256
b59fda940719ff91b2df43e0c25e827853c0fb9c8eb43bce5c0324bc945ac53a
-
SHA512
763773fb65732bd2e6415056e59bf4b3c4f85f782bcc63da420f2e143f9c9787f9e25c548363e9d858f895a9e08338c4f80cd9fed779fa002092e1083410fb71
-
SSDEEP
6144:zqKuEvqtJNqLQa2qIUOKIHBSnMWQ/L24Ox1gRxzNP+oxQ6O9:zqBBzsl/IHBSMD/L24O7gRxzNP+o90
Static task
static1
Behavioral task
behavioral1
Sample
sigmacode.bat
Resource
win7-20240903-en
Malware Config
Extracted
xenorat
issue-vernon.gl.at.ply.gg
deptrainhatvutru
-
delay
5000
-
install_path
nothingset
-
port
7560
-
startup_name
nothingset
Targets
-
-
Target
sigmacode.bat
-
Detect XenoRat Payload
-
Xenorat family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-