585c29675f203dac167ee19bab6e4481b2f880cd77d7a150c3b3dbca3b845717 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Sharing

General

Target

file.exe
Size

1.5MB
Sample

230211-n7fp8aca42
MD5

e87c2d5875d124a8f93328d297ebfc3d
SHA1

a6a9d0d5ae225e8be261840d473057d14739b383
SHA256

585c29675f203dac167ee19bab6e4481b2f880cd77d7a150c3b3dbca3b845717
SHA512

de9deb0ecd26f75bdf8213d4d67f4de775e2b36c6fdc2fc53a7401ba8940858d87f04f1a0d1dadb4f97121a37bd8ece0c6b95fcad76a7e9a1b56b89aedef0013
SSDEEP

49152:vEvtNoNITz8e5IOcRcEutajGvUbZlti6n:vEvtWPe2M2qUlltiO

Score

7^/10

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  e87c2d5875d124a8f93328d297ebfc3d
- SHA1
  
  a6a9d0d5ae225e8be261840d473057d14739b383
- SHA256
  
  585c29675f203dac167ee19bab6e4481b2f880cd77d7a150c3b3dbca3b845717
- SHA512
  
  de9deb0ecd26f75bdf8213d4d67f4de775e2b36c6fdc2fc53a7401ba8940858d87f04f1a0d1dadb4f97121a37bd8ece0c6b95fcad76a7e9a1b56b89aedef0013
- SSDEEP
  
  49152:vEvtNoNITz8e5IOcRcEutajGvUbZlti6n:vEvtWPe2M2qUlltiO
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy