General
Target: MonkeModManager.exe
Size: 45KB
Sample: 250330-j1rfxstwez
MD5: 3d75be9fe85086a7952241df59014816
SHA1: f7d45777b90ad26b81f939fe10b3c7c3a7a815dc
SHA256: c8a3a8db0ca4a6e9edd28a219fbffb20459e823fe8651c449ab69ed10e9d9e12
SHA512: fd1d0a03ac9f98399208739e0d5659efac02dff5af30358a2679d56ef6975b1df343fdaab4d30b2f8600538207e091cc20a712689184ae18bed3f5729552c46d
SSDEEP: 768:pdhO/poiiUcjlJInseqIH9Xqk5nWEZ5SbTDa1WI7CPW5C:nw+jjgn3H9XqcnW85SbTEWIq
Behavioral task
behavioral1
Sample: MonkeModManager.exe
Resource: win10v2004-20250314-en
Malware Config
Extracted
xenorat
127.0.0.1
delay: 5000
install_path: temp
port: 1111
startup_name: Windows Firewall Protection
Targets
Target: MonkeModManager.exe (same sample and hashes as listed under General)
- Detect XenoRat Payload
- Xenorat family
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE