General
Target: SHCPWZUZ.zip
Size: 2.1MB
Sample: 250604-l51lhafq2s
MD5: 3d13d54f6b33fe9b68d804c64c911167
SHA1: 9bc8ef688e94137710decbd4112a9b1eac7db037
SHA256: c4430b3e016c2ca5fd095eadc638c27bbd1a96a1315b04a4fffad5ff900abe0f
SHA512: 5dc3b55935172491819b3d01bccdc0f61b8932c7070eaec8a63ef321fde12af00796f3582d0e72cb2cb87d96ea12a1380d552d4c4f3501aad0af0c31f0758b06
SSDEEP: 49152:ui3gzuyFDPEDMymAS7SvxL3Rr5orXFzBLQ+MZ/Hkh3S+Jm:ui3gzuyeDEA3vXAXF9LQN/khC+Jm

Static task: static1
Behavioral task: behavioral1
Sample: Package/BugSplat64.dll
Resource: win10v2004-20250502-en

Malware Config

Extracted: hijackloader
directory: %APPDATA%\debugComanr_alpha
inject_dll: %windir%\SysWOW64\pla.dll

Extracted: xenorat
94.130.65.160
Xeno_rat_nd8912d
delay: 600000
install_path: nothingset
port: 4444
startup_name: nothingset

Targets

Target: Package/BugSplat64.dll
Size: 377KB
MD5: 77332b787c5a521cf69434278cf61c51
SHA1: a9b6c1ec377188a0c4a3c17eee29421d49d3199f
SHA256: 044faa9060d345fb43d44a8bd8e85fe7aac597ff5444ebe5b35489eceb312783
SHA512: 0df5dffbc59bad8f5fe4c9ac6710079f82be0765a43f33d7ef723ce092bfa8f8083432d8c3ca2b7a61688c6bac9bbe672682b89ec56dad7cc042d5557e17f75d
SSDEEP: 6144:8pPawwQxTcl7BytWPZVEsTRGRXvRyZK4rtx9TYo6JqXJrhCsRiw:8aQw7VPZ9zr5YnFw
Score: 1/10

Target: Package/Device_Synth.exe
Size: 270KB
MD5: 6a06b58d738d47e93f08ff39112fba2c
SHA1: 3d4cbc2bf0362c3a7af191b69e310589d86bc1fb
SHA256: fdbe7dbe0228baad747bf7e8d830cbfbed7d2bd3013b8080dc50e726b21ddac6
SHA512: e021f725e01cb5018ec05c06f54d95b24758d137b80cbde52217bb85e2d809204f5afb90e9d57117b48135003cb7d7ba3773eb6b23dcde2bae246bd208e4f7ea
SSDEEP: 6144:VIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGd:qz7KmH9tpT
Signatures:
- Detect XenoRat Payload
- Detects HijackLoader (aka IDAT Loader)
- Hijackloader family
- Xenorat family
- Suspicious use of SetThreadContext