General
Target: b6622a436cb33c1ee6a116580b12a39097eb4d566137705060e8bc3d02d2e43e
Size: 3.4MB
Sample: 230328-jxww8shg37
MD5: 529ecbed8bf3ff5e1c4b613f36ab4758
SHA1: f84b7a020c221879744427f34c1957b4a52fc998
SHA256: b6622a436cb33c1ee6a116580b12a39097eb4d566137705060e8bc3d02d2e43e
SHA512: 61cf4580182d4bbfe294589eaf1d1b0c9d4fdbc26a18e5b2e0dee1e4284a3e63cad5685fb79588b1cd9032c7cdfc109287276284c631540cd50b1786b05ea400
SSDEEP: 98304:OK1xSdXvKNmorEZCXZcVrx5EibycA63ZZQi/hmnbpHWw:xmohXZyTl+d63pmVb
Static task: static1
Malware Config
Targets
- XMRig Miner payload
- .NET Reactor protector: detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext