General
-
Target
FD93276E02ECE594AFF2E6A9682D0E86.exe
-
Size
1.9MB
-
Sample
231021-mwa5xsec2x
-
MD5
fd93276e02ece594aff2e6a9682d0e86
-
SHA1
fff4e0a61a7ea36e1a9bf9ad6acddc2a2aeac085
-
SHA256
1a6d98c00c3293b9734833c30ac2f90b007bf2db4a7a3aa0dd45e35bc6b26777
-
SHA512
3993673f40d83979c74071299479d2521a04ca030d6f8ac939f10d5c3cee9e430c876e480a5f8976ed834beef565728597b39fdd80002fd92118af595ebb2b32
-
SSDEEP
24576:BL4TlKbuBqki/g9kJBnfkzg8IfXOSQvoRMAbST9mZ3OsuBgVFV2R4mGCyW00YfZI:2TlKb4ziWsP5zReeQBgVGa8yW00QQ/
Malware Config
Targets
-
-
Target
FD93276E02ECE594AFF2E6A9682D0E86.exe
-
Size
1.9MB
-
MD5
fd93276e02ece594aff2e6a9682d0e86
-
SHA1
fff4e0a61a7ea36e1a9bf9ad6acddc2a2aeac085
-
SHA256
1a6d98c00c3293b9734833c30ac2f90b007bf2db4a7a3aa0dd45e35bc6b26777
-
SHA512
3993673f40d83979c74071299479d2521a04ca030d6f8ac939f10d5c3cee9e430c876e480a5f8976ed834beef565728597b39fdd80002fd92118af595ebb2b32
-
SSDEEP
24576:BL4TlKbuBqki/g9kJBnfkzg8IfXOSQvoRMAbST9mZ3OsuBgVFV2R4mGCyW00YfZI:2TlKb4ziWsP5zReeQBgVGa8yW00QQ/
Score7/10-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-