bb3c5e819c04462ebd68a511ff48b9a537bdde9062c3127e05dd736bbe856874 | Triage

Sharing

General

Target

f58ed466d6af193f741f1dfda5892193dae42dfa9419acacc7a76f68a7f56b09.zip
Size

2.9MB
Sample

231125-lyxahaaf2z
MD5

53f3bd992552b1f2f14f3acbf89123d2
SHA1

eb21a5ca648d246ad74c2fe9dea7d83b1b34da05
SHA256

bb3c5e819c04462ebd68a511ff48b9a537bdde9062c3127e05dd736bbe856874
SHA512

33bec395e54500492441f23596be951906841c89254ad5e6058ecad583970ff8cdc814ba9871765c8058881d78e6503b7ba42a5ec5e00b2c3eee2610ed7073fa
SSDEEP

49152:7gsyd1eploalwkKwxhbJkt9SIgh/gV7uA9BIJtaf6Dl1xGYP1N1rrHExNEkPc5UK:7gFLe7oalJ/vbJ9JbA98aSH1N1rrH6NY

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  f58ed466d6af193f741f1dfda5892193dae42dfa9419acacc7a76f68a7f56b09.exe
- Size
  
  3.7MB
- MD5
  
  14644a030a4d02360e6502c5ac9a2523
- SHA1
  
  cfa85d3fdda8ced9699b98c61989bb09930d9b42
- SHA256
  
  f58ed466d6af193f741f1dfda5892193dae42dfa9419acacc7a76f68a7f56b09
- SHA512
  
  1579695ce412c7d20153e6992f36859aebc8b4a4dbcc251fa1a7b72d2aacbd3c2e7df554012f29415d961cfb53dfa431b83e7abe24a07a4b5cc2b0246a7b460e
- SSDEEP
  
  49152:UX2JWJuWy4rOP78N2xTS/Q6TNMAeGG+wqkDdWcuZC9baVhLKIyOnxLy5/INYr:8AqA4bNMAeLVdWRC9bO2IyOnhJYr
Score

7^/10

spyware
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2