General
-
Target
1.exe
-
Size
45KB
-
Sample
250331-nhxx7syvh1
-
MD5
408dd8a1624076a6257c252be6c8144c
-
SHA1
eb0fa69cbf1877e04f70df3c7473abcb51097c00
-
SHA256
bdf25d1a291916711f8f98784bb4dac59662c19edeb59fcecb5a9602ac6b450e
-
SHA512
6de633fa73ed7abb35d1e75d6b3d8a7b4dad8c37d90426fa8497b8e6bf8a9099a20fa8257608e4bf08a1d0577034131a691f150d88150666058fe628eb052575
-
SSDEEP
768:ZdhO/poiiUcjlJInuC2H9Xqk5nWEZ5SbTDaSuI7CPW5i:Xw+jjgnP2H9XqcnW85SbT3uIa
Behavioral task
behavioral1
Sample
1.exe
Resource
win10ltsc2021-20250314-en
Malware Config
Extracted
xenorat
127.0.0.1
Xeno_rat_nd8912d
-
delay
5000
-
install_path
appdata
-
port
4444
-
startup_name
system32
Targets
-
-
Target
1.exe
-
Detect XenoRat Payload
-
Xenorat family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-