General
-
Target
697B7BFC9F44A4E89FB38857312C198B.exe
-
Size
285KB
-
Sample
210404-p56ykg57fa
-
MD5
697b7bfc9f44a4e89fb38857312c198b
-
SHA1
2189356d911952211d15ccf1a21d587ff88e72b0
-
SHA256
f272777ee69921d167509fdf27ad55f4deb671a9063854d63bef679aaa31d1ba
-
SHA512
ae2ff5d11e8ecb9825c049a506cc9f5a28b0479cebda6bc466a49c56e913e453d5764a289ce686f92bb8faf84534c0c7fdd8db8759729237d4fb169023dec4f8
Malware Config
Targets
-
-
Target
697B7BFC9F44A4E89FB38857312C198B.exe
-
Size
285KB
-
MD5
697b7bfc9f44a4e89fb38857312c198b
-
SHA1
2189356d911952211d15ccf1a21d587ff88e72b0
-
SHA256
f272777ee69921d167509fdf27ad55f4deb671a9063854d63bef679aaa31d1ba
-
SHA512
ae2ff5d11e8ecb9825c049a506cc9f5a28b0479cebda6bc466a49c56e913e453d5764a289ce686f92bb8faf84534c0c7fdd8db8759729237d4fb169023dec4f8
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Suspicious use of SetThreadContext
-