01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5 | Triage

Submit
Reports

Overview

overview

Static

static

3

01213454be...JC.exe

windows7-x64

01213454be...JC.exe

windows10-2004-x64

8

Sharing

General

Target

01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5_JC.exe
Size

50.3MB
Sample

230919-s17btabh95
MD5

fb270034a4a85c9bc2feb63ee33ec0f1
SHA1

702999aa135252ab3b27b946d13061d98bc5fb1c
SHA256

01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5
SHA512

1de9cd13bd5be26211cc2b74d4babec3514ed630780abecdf5983655ece28ceee2a4edf7701f40095c9f7c8c0c247e52000c08a2be9fccf7a556860184a04ad4
SSDEEP

786432:/Jt4Rs+UjfL+t4BrdRY9LA9vPZCTs5O/vnJJ8EK4t1egyvvn6R7zSc5q8c0mx2oi://yXmTp9Y90MTMEvJxt1tLBfLKG

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5_JC.exe

Resource

win7-20230831-en

evasion persistence

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5_JC.exe

Resource

win10v2004-20230915-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5_JC.exe
- Size
  
  50.3MB
- MD5
  
  fb270034a4a85c9bc2feb63ee33ec0f1
- SHA1
  
  702999aa135252ab3b27b946d13061d98bc5fb1c
- SHA256
  
  01213454be2e2bd5554351d65b790b255fcd7cf72eac9cf2c92dbad708a744e5
- SHA512
  
  1de9cd13bd5be26211cc2b74d4babec3514ed630780abecdf5983655ece28ceee2a4edf7701f40095c9f7c8c0c247e52000c08a2be9fccf7a556860184a04ad4
- SSDEEP
  
  786432:/Jt4Rs+UjfL+t4BrdRY9LA9vPZCTs5O/vnJJ8EK4t1egyvvn6R7zSc5q8c0mx2oi://yXmTp9Y90MTMEvJxt1tLBfLKG
Score

10^/10

evasion persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy