bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b | Triage

Submit
Reports

Overview

overview

Static

static

bd3ae11ff6...1b.exe

windows7_x64

bd3ae11ff6...1b.exe

windows10-2004_x64

Sharing

General

Target

bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b
Size

192KB
Sample

220524-1btnesgfg3
MD5

df86d94d232936396ac44b8833d3a2b9
SHA1

5cda1121d3e3005dba8a92180223f0499eb0e2f9
SHA256

bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b
SHA512

d3a235982ed2d388a6cd9732dde041e2ac7ba4e05368d5a57812a51fa984685f8629ac35f46e4731d260d8cb7859fb1bf8f5af063bac9d94bafeb50897d78174

Score

10^/10

evasion rezer0 trojan

Static task

static1

Behavioral task

behavioral1

Sample

bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b
- Size
  
  192KB
- MD5
  
  df86d94d232936396ac44b8833d3a2b9
- SHA1
  
  5cda1121d3e3005dba8a92180223f0499eb0e2f9
- SHA256
  
  bd3ae11ff6f6237d412fb63691f9f996cadfff01f4cc8fc794667cac32e4591b
- SHA512
  
  d3a235982ed2d388a6cd9732dde041e2ac7ba4e05368d5a57812a51fa984685f8629ac35f46e4731d260d8cb7859fb1bf8f5af063bac9d94bafeb50897d78174
Score

10^/10

rezer0 evasion trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy