General
- Target: setup.exe
- Size: 3.4MB
- Sample: 230402-atgtgadf68
- MD5: 5b960890ed6518af295dc6a18129549d
- SHA1: 309c4a765aed75b2a8dd07c5aba9eb026ec1f2ca
- SHA256: 91eb4acd7e16923cc03e7c148d3ba5f0bb6af34f566c52976767f316a80d8935
- SHA512: 46e82e413a04b1d749b223c695283f336147161a15f4b4ae3111ae565e7c6846cb4c65122405b07e8ef7ebd85966897908c03ace1964785a6da0eca111613a07
- SSDEEP: 98304:hK1xSdXvKNmorEZCXZcVrx5EibycA63ZZQi/hmnbpHWK:amohXZyTl+d63pmVF
Static task: static1

Behavioral task: behavioral1
- Sample: setup.exe
- Resource: win7-20230220-en
Malware Config

Targets
- Target: setup.exe
Signatures
- XMRig Miner payload
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext