General
Target: 441850eda4778550cdb43335776d0a3a5e4bff52a3fbc17b5a43254715208739
Size: 175KB
Sample: 221003-r4845sbfel
MD5: 69b8b5e3838f36d21114526eb8af9edb
SHA1: bf0074f62de858af5c44d6baef3ff520fcbaf406
SHA256: 441850eda4778550cdb43335776d0a3a5e4bff52a3fbc17b5a43254715208739
SHA512: 154d40bc752a17447fca6da6e4fadcfd84916687ef22f1990cc7b27f7fd39c02d55de3b83c352079c53cb1ac2ebe553830f98c62cc33dc31f0876d327c1be7cd
SSDEEP: 3072:+RMEC2Oi8NXC797F8TBfFvj4bq57a8oIEx60sp2Dgeh:+xC2F8NXC796TB9vj48aRy0sojh
Static task: static1
Behavioral task: behavioral1
Sample: 441850eda4778550cdb43335776d0a3a5e4bff52a3fbc17b5a43254715208739.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 441850eda4778550cdb43335776d0a3a5e4bff52a3fbc17b5a43254715208739.exe
Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 441850eda4778550cdb43335776d0a3a5e4bff52a3fbc17b5a43254715208739
Score: 10/10
.NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Executes dropped EXE
Modifies Windows Firewall
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Drops startup file
Loads dropped DLL
Adds Run key to start application