General
-
Target
fd5408de1c1597eba487b973b0f9f38b819d6f0bf05df0ba72f39dc5b4787fdb
-
Size
2.8MB
-
Sample
250604-tealdseq9x
-
MD5
779e9692c8d690cfdaf169b7c63f0ff0
-
SHA1
4e1674b01f8eb5ae51aa2f16a16933d31b9d48a6
-
SHA256
fd5408de1c1597eba487b973b0f9f38b819d6f0bf05df0ba72f39dc5b4787fdb
-
SHA512
39de754338a034571deb8081bae72d668c01a1f82ac5ea404a4896de876c8bce9cf21115e73a3aa028017a7441c412039351dd3c464f6d2f325619317a29efd1
-
SSDEEP
49152:6i3TQuySl0+8yyDOWMxHkN/TDiVYrHOxOxmbg6iC/L9AfO7SnMjZPOlNU:6i3TQuyy8yyXMJk9niVYjOAxnm+ng1oS
Static task
static1
Behavioral task
behavioral1
Sample
Package/BugSplat64.dll
Resource
win10v2004-20250502-en
Malware Config
Extracted
hijackloader
-
directory
%APPDATA%\JBFArchive_alpha1
-
inject_dll
%windir%\SysWOW64\pla.dll
Extracted
xenorat
94.130.65.160
Blake2
-
delay
60000
-
install_path
appdata
-
port
4444
-
startup_name
nothingset
Targets
-
-
Target
Package/BugSplat64.dll
-
Size
377KB
-
MD5
77332b787c5a521cf69434278cf61c51
-
SHA1
a9b6c1ec377188a0c4a3c17eee29421d49d3199f
-
SHA256
044faa9060d345fb43d44a8bd8e85fe7aac597ff5444ebe5b35489eceb312783
-
SHA512
0df5dffbc59bad8f5fe4c9ac6710079f82be0765a43f33d7ef723ce092bfa8f8083432d8c3ca2b7a61688c6bac9bbe672682b89ec56dad7cc042d5557e17f75d
-
SSDEEP
6144:8pPawwQxTcl7BytWPZVEsTRGRXvRyZK4rtx9TYo6JqXJrhCsRiw:8aQw7VPZ9zr5YnFw
Score1/10 -
-
-
Target
Package/Device_Synth.exe
-
Size
270KB
-
MD5
6a06b58d738d47e93f08ff39112fba2c
-
SHA1
3d4cbc2bf0362c3a7af191b69e310589d86bc1fb
-
SHA256
fdbe7dbe0228baad747bf7e8d830cbfbed7d2bd3013b8080dc50e726b21ddac6
-
SHA512
e021f725e01cb5018ec05c06f54d95b24758d137b80cbde52217bb85e2d809204f5afb90e9d57117b48135003cb7d7ba3773eb6b23dcde2bae246bd208e4f7ea
-
SSDEEP
6144:VIaCAK/UGjgTPD/CRe4GvTS8w9hzc9ap+zGd:qz7KmH9tpT
-
Detect XenoRat Payload
-
Detects HijackLoader (aka IDAT Loader)
-
Hijackloader family
-
Xenorat family
-
Suspicious use of SetThreadContext
-