General
-
Target
VEAZJDYY.zip
-
Size
1.3MB
-
Sample
250604-l52tkafq2y
-
MD5
38154f3fbc4066ec44a924c6fe215d57
-
SHA1
5e981c61b05c464f2f9560926f2fb5d6f8283b84
-
SHA256
fe67e626cec1bf31f177cc74846bea404f819c24a873a9c17ad4ee921d579492
-
SHA512
bdb2561c3850be63d0a27e308d8dd7c409c378514dc87892c7f1f5a8d462ee2a714dee9ac6bddd76726a8bd20ff67d51ff49c7e1958328dead40f05dcfbf1d6e
-
SSDEEP
24576:2gNuY8+fs1fB9uyGX453arBPps2ECM+Di24mYSJ1iEJr5Kt/7qwPsGLdOnJFp:2i3EnuyGXIaVqou2NYqPvKdqpk0B
Static task
static1
Behavioral task
behavioral1
Sample
Package/BugSplat64.dll
Resource
win10v2004-20250502-en
Malware Config
Extracted
hijackloader
-
directory
%APPDATA%\Jag_Load
-
inject_dll
%windir%\SysWOW64\pla.dll
Extracted
xenorat
94.130.65.160
Blake2
-
delay
600000
-
install_path
appdata
-
port
4444
-
startup_name
nothingset
Targets
-
-
Target
Package/BugSplat64.dll
-
Size
377KB
-
MD5
77332b787c5a521cf69434278cf61c51
-
SHA1
a9b6c1ec377188a0c4a3c17eee29421d49d3199f
-
SHA256
044faa9060d345fb43d44a8bd8e85fe7aac597ff5444ebe5b35489eceb312783
-
SHA512
0df5dffbc59bad8f5fe4c9ac6710079f82be0765a43f33d7ef723ce092bfa8f8083432d8c3ca2b7a61688c6bac9bbe672682b89ec56dad7cc042d5557e17f75d
-
SSDEEP
6144:8pPawwQxTcl7BytWPZVEsTRGRXvRyZK4rtx9TYo6JqXJrhCsRiw:8aQw7VPZ9zr5YnFw
Score1/10 -
-
-
Target
Package/Device_Synth.exe
-
Size
270KB
-
MD5
6a06b58d738d47e93f08ff39112fba2c
-
SHA1
3d4cbc2bf0362c3a7af191b69e310589d86bc1fb
-
SHA256
fdbe7dbe0228baad747bf7e8d830cbfbed7d2bd3013b8080dc50e726b21ddac6
-
SHA512
e021f725e01cb5018ec05c06f54d95b24758d137b80cbde52217bb85e2d809204f5afb90e9d57117b48135003cb7d7ba3773eb6b23dcde2bae246bd208e4f7ea
-
SSDEEP
6144:VIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGd:qz7KmH9tpT
-
Detect XenoRat Payload
-
Detects HijackLoader (aka IDAT Loader)
-
Hijackloader family
-
Xenorat family
-
Suspicious use of SetThreadContext
-