4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378

Target

Xeno-v1.1.65.zip
Size

5.1MB
Sample

250329-wxy3taznv5
MD5

9460d2d0e73873317cc16dae8c4f885d
SHA1

bd4791b77412e57c371b2e13161b10d469025d38
SHA256

4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378
SHA512

d8db5fc3020ff36989b11f8d4d1eb1e0215d0d99fa957af0de63e2ba9c07687ca6e14ffc4b899973520516ce29b56eddde1938a62fc37c9e4f95a382d29f8063
SSDEEP

98304:a4RR0KKnwHS5nAczyzrA+0kWM98TjBH+//p2wB+hQlzim1HEQrclrMYvo:t7Anwy5AcyrR0DMEBeJrGMimkmvYA

Score

6^/10

Malware Config

Targets

- Target
  
  Xeno-v1.1.65.zip
- Size
  
  5.1MB
- MD5
  
  9460d2d0e73873317cc16dae8c4f885d
- SHA1
  
  bd4791b77412e57c371b2e13161b10d469025d38
- SHA256
  
  4e671c40d9d780b85f8a44aa50a5c175a9f2c2a0a530e450a981905713ec5378
- SHA512
  
  d8db5fc3020ff36989b11f8d4d1eb1e0215d0d99fa957af0de63e2ba9c07687ca6e14ffc4b899973520516ce29b56eddde1938a62fc37c9e4f95a382d29f8063
- SSDEEP
  
  98304:a4RR0KKnwHS5nAczyzrA+0kWM98TjBH+//p2wB+hQlzim1HEQrclrMYvo:t7Anwy5AcyrR0DMEBeJrGMimkmvYA
Score

1^/10
behavioral1 behavioral2
- Target
  
  Xeno-v1.1.65/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral3 behavioral4
- Target
  
  Xeno-v1.1.65/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral5 behavioral6
- Target
  
  Xeno-v1.1.65/Microsoft.Web.WebView2.Wpf.dll
- Size
  
  50KB
- MD5
  
  4a292c5c2abf1aab91dee8eecafe0ab6
- SHA1
  
  369e788108e5fb0608a803fa2e5a06690b4464b5
- SHA256
  
  b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4
- SHA512
  
  ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde
- SSDEEP
  
  1536:gpGhWMhWLF9jwKi8LDP/ryEH0GBy4JjrD1aah/UaOzk6hKKa5/Bi/IGCv0Z0T6Cc:taBi8LDP/b0GBy4JjrD1aah/UaOzk6hz
Score

1^/10
behavioral7 behavioral8
- Target
  
  Xeno-v1.1.65/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral10 behavioral9
- Target
  
  Xeno-v1.1.65/Xeno.dll
- Size
  
  1.7MB
- MD5
  
  4cadca29af3a11865fef4615c1570d67
- SHA1
  
  c9df54865d8aa1720e567a1a63d54d6b4cf6eb44
- SHA256
  
  86adb40984d8ac950b3dd8057af8015fee5fad009598e529c153f6548e9c57db
- SHA512
  
  7761aa9969da57499bb88cef5d137684c4d89e3fe969c5cbaf13229079876ed876dfc83d2f61a8d436b6d66c6a36557e3c6f80e64ce81713967e042cc447cdc9
- SSDEEP
  
  24576:gg7i169cc1ndx8TKA1dpJhOtfZOQ5mtLgjHWdTvy7e+JXEv0EmXK3C:99cc1ndx+kgkmtqHyKTEe
Score

1^/10
behavioral11 behavioral12
- Target
  
  Xeno-v1.1.65/Xeno.exe
- Size
  
  140KB
- MD5
  
  70797e0760472325728ba786ca208976
- SHA1
  
  8912f23afbe8b78a9582f2a458b89a7fd697e638
- SHA256
  
  20744d38bc27d656a095e57bef62a44f5f6317de3672020e8a4a1e1057545764
- SHA512
  
  787f172cbc18eeb4f8e88420377459f37918edc9aec0105566f9e79555a962d6e89d7d0d6b791475282b2c5fb093c9e85544794639ad2771d9ca4a0e5b456477
- SSDEEP
  
  3072:h+f4nYTC3LwjBzaQhlG4a7qWdCXdXxuZjwxfBoy:h+f4nKvaQhcF7qI+xuZjwxB
Score

6^/10

discovery defense_evasion trojan
- Checks whether UAC is enabled
  defense_evasion trojan
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
behavioral13 behavioral14
- Target
  
  Xeno-v1.1.65/XenoUI.deps.json
- Size
  
  2KB
- MD5
  
  f264dff8b12b6341b6bb97f9cea46324
- SHA1
  
  f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74
- SHA256
  
  16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905
- SHA512
  
  4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Xeno-v1.1.65/XenoUI.dll
- Size
  
  93KB
- MD5
  
  70f81947b43381d2a04236e18d96cc97
- SHA1
  
  9c704e6fc55ba25534cab8c46fcd00768067b27b
- SHA256
  
  ebbd0f6752ea2c36612da63bf7b939bf856ecbae4d9b78800fd7cb0a068b32d6
- SHA512
  
  b70390942b43c28949a9e88f163ad2f7552d45b4543bb7f52a305723f09bdfbf81d8cfa6315cb3d4063ffe02113f091c54be071d3b5c59b31e4ba58ac6a979d9
- SSDEEP
  
  1536:tGrL4ZZUZ4fzT8xxc3j8NWhouM/APHV5y6SlSO8mh:4rkZKWzT8xxHe7Pby6Simh
Score

1^/10
behavioral17 behavioral18
- Target
  
  Xeno-v1.1.65/XenoUI.runtimeconfig.json
- Size
  
  515B
- MD5
  
  e0f6f18f9b152bc2d8c710b0214805d6
- SHA1
  
  ae3d39e59fd6edc05792a76cdf4f02a637f52e29
- SHA256
  
  89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd
- SHA512
  
  80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-convert-l1-1-0.dll
- Size
  
  15KB
- MD5
  
  c8dbf0ca88facfe87899168a7f7db52c
- SHA1
  
  e2cf163ad067b5d3b19908a71ed393711f66cd09
- SHA256
  
  94b6e91b93c2202dabd659bff294bee87c22897a30a6b4930b49051c2fb502dc
- SHA512
  
  e85c738f5d5a0ae6c3ef75a082712cb3cf2feae4560d316cb110e4eaf3a97d6058d5374da2a5edde39c3114f9aff8a027cbdff8cf49be2425943bac09c39e70b
- SSDEEP
  
  192:w89M0wd8dc9cy1WphWWD1S8f4DBQABJt9o0Z5uE7Mqnajcno:wt0wd8xy1WphWWD1IDBRJtO0zuOMlAo
Score

1^/10
behavioral21
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-filesystem-l1-1-0.dll
- Size
  
  13KB
- MD5
  
  42a2a95f1bb940d01f55eb1674a81fe2
- SHA1
  
  f982f3bbb4dc3aaaba8df098d1b395846f7cba08
- SHA256
  
  51541ec6684b43157a85ea46a42ebed4555be06bed0d0d07ff3ea6377301318d
- SHA512
  
  de9a7a1a6a45e2f76105eaeafcc3c29adbff142dcf2586e147417045b897a9dcddec5e1b97acfc5d3fc9c8e3a508dbc3f607bf3df20a7435e74436f94cb056b6
- SSDEEP
  
  192:zt/PGnWlC0i5C9WphWAeD1S8f4DBQABJJ2yy2D8KN3qnajV2MVorr:VunWm5C9WphWbD1IDBRJJkt2lxnorr
Score

1^/10
behavioral22
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-heap-l1-1-0.dll
- Size
  
  12KB
- MD5
  
  98da186fd7d7873c164a51c5d7b77f1a
- SHA1
  
  725a8b8fdfbe6a1e85674f4b2a7c0dd08411e00b
- SHA256
  
  80139e4caa379d87b1d1dafc23ace71d2b330368115f6314140d4ae59c2a78e8
- SHA512
  
  587b49a24cc59d4dcb62b59f379d1c9010196a6551cfc99ffdd931eeb0172618f020863191e530d65ad198e57063c57ba6f70bcf80591304243268ea5513f806
- SSDEEP
  
  192:DaY17aFBRQWphWp+QD1S8f4DBQABJtAa46ArNc4qnajr7PQW:7VWphWFD1IDBRJtAa54lrPQW
Score

1^/10
behavioral23
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-locale-l1-1-0.dll
- Size
  
  11KB
- MD5
  
  ff48b107b2449a647c64baabd49408a1
- SHA1
  
  efb868ba125d9ff08474f02b9483d74c36a13cee
- SHA256
  
  7bb8644e565ad4bcfd890f9044bccb4d99953a740e9a500b1f820b2fdc3fc240
- SHA512
  
  4da2e4b727e7f31f8bffd680453c451b444bdf217c15cb36e353f8bb5ecb6c6481caa7d848558c7d94cfc2d1bc3551ace11e85ffc8ec7a7b570a59c294ea0216
- SSDEEP
  
  192:JWphWzDD1S8f4DBQABJtySO5M8xOSqnaj3yAY9:JWphWHD1IDBRJtyICTluAY9
Score

1^/10
behavioral24
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-math-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  e10e077bb06209aedd0d0d378c758f73
- SHA1
  
  97a9053a311280678f8ef65dc4e25975c41bd4ee
- SHA256
  
  8a7bff1c918539a75c25568db25933d653c003e016fd7791a37186b42bbb7c20
- SHA512
  
  571c1fc4192320bd967b603e6cda917a62f4720eb4dcd557ec2913d2558c0cfe68f936198f5809934aaa3a1d6049e8e918eb0e638a7244df5c71ef0c78843191
- SSDEEP
  
  384:rJI2M4Oe59Ckb1hgmLZWphW1D1IDBRJJo95DKlxT1xpN:ri2Mq59Bb1jEkI1PU5Dmv
Score

1^/10
behavioral25
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-runtime-l1-1-0.dll
- Size
  
  16KB
- MD5
  
  f91e1ff896b5616919ac97c7095c513e
- SHA1
  
  4ec6eed0bac5a8801db10238c7b3a5d35a87be67
- SHA256
  
  07382c0d91dad2bb6ba8bd06ea02f12c57abf7c4e5a70672e9f2954d09a4ffd4
- SHA512
  
  6448d6cdfde11e1805b6d381111ea062f681807c9dc54ae890305f287b13b6fb57ef3f4d3b909e56b81c99830c086b5702b46ba0f93e695fce2b87b32fa4b26a
- SSDEEP
  
  192:uaajPrpJhhf4AN5/KipWphWAzD1S8f4DBQABJJLQ67T0q11qnajVtPx5g:ulbr7fWphWiD1IDBRJJL7Tplxb5g
Score

1^/10
behavioral26
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-stdio-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  429c26ed27a026442f89c95ff16ce8c2
- SHA1
  
  69ed09faae00a980c296546c9b5e6a8d5f978439
- SHA256
  
  2a466648affd3d51b944f563bb65046a3da91006a0d90fb2c0b123487a1fc1b3
- SHA512
  
  04641164d9e1eb3183db0c406583626011dfe2b2574551c0ac466ebf44165afcd7d8faf356b8268b4fc9a54db20de010a4e4293594ad2e605950aea65636f4e5
- SSDEEP
  
  192:BpPLNPjFuWYFxEpah7WphWRD1S8f4DBQABJ+SiLuEbNEdiqnajVCpEbOg4:B19OFVh7WphWRD1IDBRJ5iLbnlxkEf
Score

1^/10
behavioral27
- Target
  
  Xeno-v1.1.65/api-ms-win-crt-string-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  0f593e50be4715aa8e1f6eb39434edd5
- SHA1
  
  1117709f577278717c34365ce879bcd7c956069b
- SHA256
  
  bf4ea10be1b64c442ac0ccf4bdf69f6703467176a27e9e14a488d26448a6e179
- SHA512
  
  487dcbf7b7f18d62606cb2f05c8feff07e6ecda42e643f5919c6edda66cdb3b8cc393b0d260374f06c10cf54082410fc9f02bd87cc50866bc0c28b0bcec3e658
- SSDEEP
  
  384:fFvU4x0C5yguNvZ5VQgx3SbwA7yMVIkFGl3WphW+D1IDBRJ5YBMOnlxkEx:p5yguNvZ5VQgx3SbwA71IkFxVI1PKJ
Score

1^/10
behavioral28
- Target
  
  Xeno-v1.1.65/bin/Monaco/index.html
- Size
  
  164KB
- MD5
  
  001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
- SHA1
  
  982a05814546017c40771e59e7677b53d84787e9
- SHA256
  
  f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
- SHA512
  
  9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
- SSDEEP
  
  3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral29 behavioral30
- Target
  
  Xeno-v1.1.65/bin/Monaco/vs/base/worker/workerMain.js
- Size
  
  133KB
- MD5
  
  d0ac5294c58e523cddf25bc6d785fa48
- SHA1
  
  1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5
- SHA256
  
  e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b
- SHA512
  
  fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb
- SSDEEP
  
  3072:bzjH/zYJc5c/7tMLrJ78II4F9N8+em5W+:XjH/zYJc5c/76LrJ78I7BL
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Checks whether UAC is enabled

Network Share Discovery

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32