General
Target: ccc.exe
Size: 45KB
Sample: 250603-ty7p8svj14
MD5: f475a3402f995ab6ac1d1a5af8f88b89
SHA1: 27a87893cdea2a00c0640c281847b0332ff46c51
SHA256: 41d533dda9573ad695134260a306216b040ae96ee075724e362e027b933496bd
SHA512: 7cce2d2109b2e8b809df5ff6a050060b96b20cad5c8bdbbcf0f72df0d969f7e805b4e83e20cde5c5d55e388e8b71cb4fb71879ad92d3d7c386b2f02bc7db8bbe
SSDEEP: 768:pdhO/poiiUcjlJInor6BH9Xqk5nWEZ5SbTDaeuI7CPW5Fe:nw+jjgn1H9XqcnW85SbT7uIg
Behavioral task
behavioral1
Sample: ccc.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted
xenorat
87f657c6f2949395.myinnbox.net
ccleaner
delay: 5000
install_path: appdata
port: 3001
startup_name: CCleaner
Targets
Detect XenoRat Payload
Xenorat family
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE