General
-
Target
f18bb1edd3ae7b63144e96132ce9aefb.bin
-
Size
4.1MB
-
Sample
240114-elplkabfhr
-
MD5
03d004d53b58f5a5a7ed0198ef775ad6
-
SHA1
52e190155c2aa462ae9b6bb8a9dc5ab0655a453a
-
SHA256
89f9caea29343d0a92b7a2cf4c3d675fe36ed7559f1f5fb389d8ee616023d1da
-
SHA512
c6e98dce3a583a71f3e2d07c65793ec278c5971985be16bb42945d17d674b4b5dd700d8921f052d3ffb19fa8604d6845126d291f40b37e9d5cf1ebaea7ef0cce
-
SSDEEP
98304:n4X9G5TE4Pzu2OQdDqowkfHEDGdhpFUey3i15Z:nmYXrOmDqhahpTF5Z
Behavioral task
behavioral1
Sample
897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe
Resource
win7-20231129-en
Malware Config
Targets
-
-
Target
897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a.exe
-
Size
6.5MB
-
MD5
f18bb1edd3ae7b63144e96132ce9aefb
-
SHA1
c1e427cada1d7c0ffc7196d722ee6c0af82c2756
-
SHA256
897b63dc56623c54120c95340a7e8c416786dbc18bb03dae3300ab2fd57e928a
-
SHA512
d0036a1b6bab8786f45688a7d22a3dfd28a9ef21048b13aea72182b3599d1ebb22acd210e5c86883b0b3a81f755a1a1eebe9a7fac7eaf7b5235188cc3f5eab0b
-
SSDEEP
98304:ukWTppXqlbXXSKXiDvrfuh8AN8HJyeZaDN6h:ukWVtYbnSKXSvbSupyYaDNE
-
Detect ZGRat V1
-
SectopRAT payload
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-