General
Target: ElectronRob.rar
Size: 13.1MB
Sample: 240210-nslb6adf22
MD5: cb7e582c4b521b64a1b4f1a40c78e058
SHA1: 34f7b1c3d6e091104f40e3f77ba40755889109f4
SHA256: 7709b8e6fe27a77e62613f71849a6ba98627161287e71d52bf1baf66df8951b0
SHA512: 02d042c695eb9d6dc84998dc59f0e9099eaa5f6a05e14a0968fc4032d02e1e9d5325ad7be53366a75c40f5160f6a8926fcbffd309976733532c29e8b7477f8c8
SSDEEP: 196608:IrF12894WPC9yPRtpahDyGIFb9SNUeKA3F6I6++r0MOp0O7Rn7Il6C9Sf9VIfjS:GF11yWBtpODyzSjR6+8eR2IVILS
Static task: static1

Behavioral task: behavioral1
  Sample: ElectronR/Electron.exe
  Resource: win10-20231215-en

Behavioral task: behavioral2
  Sample: ElectronR/WpfAnimatedGif.dll
  Resource: win10-20231220-en

Behavioral task: behavioral3
  Sample: ElectronR/binkawin.dll
  Resource: win10-20231215-en

Behavioral task: behavioral4
  Sample: ElectronR/cef_extensions.js
  Resource: win10-20231215-en

Behavioral task: behavioral5
  Sample: ElectronR/metod 2/loader.exe
  Resource: win10-20231215-en
Malware Config
Targets
Target: ElectronR/Electron.exe
Size: 250.0MB
MD5: db98747f25aaa57cdf0c5024edd63ffb
SHA1: 40afd52b14e3564fb3a6d7b8c7da58ad0d0352e2
SHA256: f5648a7be659a5f7e9f1c240aa2f7d512a462b8a5f9b3185ed5e134aebe34ea4
SHA512: 8d3bb0d832cb987db4dde7a400449eda0e166cdb553111f6a54f6493400db9863915d09fdfa69c4e15c551fe7a70e390970668aa6e2e8de2e7a217c3e001456f
SSDEEP: 24576:mus8z4tMW/Sq7ppJbWPPqxQFBRmPEdIS8gHKr0Mi27CBhbX7:xsOtqlpJeqxKBRPtpr27ABL
Score: 7/10
Signatures:
  Executes dropped EXE

Target: ElectronR/WpfAnimatedGif.dll
Size: 41KB
MD5: f591261c6d85601764b3b8aea8df8b2e
SHA1: 1b16ea63fcb9b60e41f871f428880059c40ded0c
SHA256: 4498d8d1a0549717852507993b7c0350d1da408d22943ed8244d16441abfaf99
SHA512: 05dafbb83d136cd75588f0883497864e942770258461998ab654aa07a1087df590446c28029b6c2fabe27520d47f88eff63ddf80448beaf96887ec5f801544aa
SSDEEP: 768:jDcl7W1UiZTo1ooEqzW3SQwiNsI8l5wwyvUPrYZBkcD:X8QpZTsooEX3SQwr9y4UZRD
Score: 1/10
Signatures: none

Target: ElectronR/binkawin.asi
Size: 55KB
MD5: d51b5b46735b25c2d8372608159ed1a9
SHA1: 2c178740901103d66a59131e19548d84c44fa768
SHA256: dd68562b5e4686e1a07603057db7a12040821beadd81d142bfb6a57d2de45ddb
SHA512: 7c9a856fea8f7d4bddfc2b67724b475f7561979fbcf088ef2ce839e7c10870920ab4ea6b7d29254ab9d585a917eff5481c73644290350265682c627ab8fa110b
SSDEEP: 1536:Ed01XORcuxj9ijJ644BXOpmE88Y+xs9PuMLHXwbJoeQ3fr:S0tOJxj9GJ644l2m78pm5uMLHX
Score: 4/10
Signatures: none

Target: ElectronR/cef_extensions.pak
Size: 1.6MB
MD5: fb65975b17de4a98bd39a56adfba5e49
SHA1: 24f554f8d738e5e38d80930b1386092f062b2b18
SHA256: ce0db41570a927a119ddbb29484f02bc1aa6151503f87d8441290daa0b9a3ff1
SHA512: 8c7bba37bdbdf426fe8d4bb665b62534b1a98259c4a2f7aaf23cfc5c124f480308496be3f0ff5cbd3a79a2eae3acc2eaf263ca7ab8a62fd5879905d64fc37dc4
SSDEEP: 49152:KP7H5FrBDef67G1hdAKG8YVu4ZZCGr68IC72y:B1hLYo6ZCG+8byy
Score: 1/10
Signatures: none

Target: ElectronR/metod 2/loader.exe
Size: 222KB
MD5: d21b999040db0b326696983a772f862a
SHA1: 77f4fd6966bb5231b1e70b1513cc8c72e41ee37f
SHA256: 13fd7e1bb427d92b65e9d9d868b653e2fbf73974268204146bb3a38618ab7082
SHA512: 8d7a23d58c5ce24ab5c515c7bb4374639fcef4bc106563d6bf2e3a5dd1e582795864952f879dfb8bb7342825ac13740caec0633297c9dbecd2cc67920ceb0d70
SSDEEP: 3072:XDKW1FgppLRHMY0TBfJvjcTp5XMlbchJjQfhd6S34vgI1P1fRfxA:XDKW1Fgbdl0TBBvjc/Mp4+hdov14
Score: 10/10
Signatures:
  Detect Poverty Stealer Payload
  .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
  Suspicious use of SetThreadContext