Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    816d4fd6ca3b5dcba1a2a355e5198f413aae21af5d8e53bff74b02e59345f9c9

  • Size

    1002KB

  • Sample

    231015-19vy5saf2w

  • MD5

    2ba0dd909834cf4c4eb4e3a94b17b149

  • SHA1

    7e0f8c499a6a567abb1a0d003300ba90ca7f373b

  • SHA256

    816d4fd6ca3b5dcba1a2a355e5198f413aae21af5d8e53bff74b02e59345f9c9

  • SHA512

    9dd65989c4e26d40b949d9cf280c2d1291d05ac6326d2e0160d86fe14ff5d1bc3f7814c1d0547cda106cbf44fa3a2ce813bd44259ac4f910d8ec261a8f8ded04

  • SSDEEP

    24576:9y3jr1ELLw03ZJWFEmT2m217y6Qzt8KO7i:Y3/GLLbJyEmT2mEyLZ7k

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      816d4fd6ca3b5dcba1a2a355e5198f413aae21af5d8e53bff74b02e59345f9c9

    • Size

      1002KB

    • MD5

      2ba0dd909834cf4c4eb4e3a94b17b149

    • SHA1

      7e0f8c499a6a567abb1a0d003300ba90ca7f373b

    • SHA256

      816d4fd6ca3b5dcba1a2a355e5198f413aae21af5d8e53bff74b02e59345f9c9

    • SHA512

      9dd65989c4e26d40b949d9cf280c2d1291d05ac6326d2e0160d86fe14ff5d1bc3f7814c1d0547cda106cbf44fa3a2ce813bd44259ac4f910d8ec261a8f8ded04

    • SSDEEP

      24576:9y3jr1ELLw03ZJWFEmT2m217y6Qzt8KO7i:Y3/GLLbJyEmT2mEyLZ7k

    Score
    10/10
    evasionpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks