Extracted

Extracted

Extracted

Extracted

• • Target

    7ba00a7f8bf0f2d0237bd01bb12a825b

  • Size

    3.3MB

  • MD5

    7ba00a7f8bf0f2d0237bd01bb12a825b

  • SHA1

    1af2a65956ba61ded056f90ef48e08abb7e4e6b5

  • SHA256

    a80595d5777175cd4da514edb06d38676888daf62608369b816b2f11b6aa9cc2

  • SHA512

    9b99656efbb22c6eb0e3cee3a5949d3f5cbf1e24821b30d3ee33bfcea5a0928cc96a05daf19cbf88041e75030f3168727045bb1630a0ddf2edd6d6465eab761b

  • SSDEEP

    98304:JK0LsE9LvEbGRN0nM1BOhu3uiJgR2qpNeJ:JK4sIoGDhBuu8j8J

  Score

  10^/10

  nullmixerprivateloaderriseprosmokeloadervidarxmrig706pub6aspackv2backdoordropperevasionloaderminerspywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Vidar Stealer

    stealer

  • XMRig Miner payload

    miner

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2

• • Target

    setup_installer.exe

  • Size

    3.3MB

  • MD5

    8765c39cc6647adc171220b11942422b

  • SHA1

    5a45fd626dcf26b1f933e5a18db138fe1df64444

  • SHA256

    f52e34603c58c806081a09fc4ba38eabe1e3f12b7a57a75353ecf593177fa7ef

  • SHA512

    8c5bf35e5d6dc7aab1bff4836ef00e44d7e158d4b8d3f9bcf9ebb39a02b21078c5879f061ac926aa52b9a0f9a83752f322db1d98c1a2908a9ec5eed60919fa65

  • SSDEEP

    98304:xpeKfE9KlGB9z8qTsF5iOew3qrCvLUBsKxp:x8/9HHoGDQLUCKxp

  Score

  10^/10

  nullmixerprivateloaderriseprosmokeloadervidar706pub6aspackv2backdoordropperloaderspywarestealertrojanxmrigevasionminer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

    droppernullmixer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Vidar Stealer

    stealer

  • XMRig Miner payload

    miner

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral3behavioral4