General
-
Target
Xeno.exe
-
Size
83.5MB
-
Sample
250413-l735eatwe1
-
MD5
4a9bbf2c85eca4056ffa18ac6810e5ea
-
SHA1
977ba210748c921a134ac20a04832974a40447f6
-
SHA256
b6dcb36f671d9e83e5f51d1f07c1adcc27bd6bd63742a6af6d8e3bf7ecf5efcf
-
SHA512
e755f966817cab73fd035ce6b36d939496e93936bbac3a4ec9c50626bf5e131ad6f27498097d7296931dacf46ad020abea7f32823d0be723cd93d471927ed627
-
SSDEEP
1572864:ZtIupujKzlDzWjyPuOkiqOv8im2AOgE7WgelKiXKiY4MHHLeqPNLtD4c0GZcC:wYJBJ2OknOv8i3HkgeMiBMHVLtMjG9
Behavioral task
behavioral1
Sample
Xeno.exe
Resource
win10v2004-20250410-en
Malware Config
Targets
-
Target
Xeno.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-