2e8bc37a4a3e06f6cbab2019a246b59eabf903b8a2f54d4ab0fee6fee98061b5 | Triage

Sharing

General

Target

2e8bc37a4a3e06f6cbab2019a246b59eabf903b8a2f54d4ab0fee6fee98061b5
Size

682KB
MD5

0ecfd9df8f878a63edb1d9b70da07923
SHA1

c6fc3c612c80c9bb69094448f52210752169e01b
SHA256

2e8bc37a4a3e06f6cbab2019a246b59eabf903b8a2f54d4ab0fee6fee98061b5
SHA512

fb650a96c36555576686e2b8a07f0047190c52fa40a9524c19b51fec73f06b2e262f1235f095370d9b9fe1828b6b93c32b2d967ad007474e7739d9827c057f10
SSDEEP

12288:KZw9KB2xjalxOBITEM9P1kGGGgmlLhO7+MX3p0jJZlYfYg:fs4jg9TfAGGGgm9k+Mnp

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e8bc37a4a3e06f6cbab2019a246b59eabf903b8a2f54d4ab0fee6fee98061b5

Files

2e8bc37a4a3e06f6cbab2019a246b59eabf903b8a2f54d4ab0fee6fee98061b5
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\IONHe\OneDrive\Documents\Nitro-Ransomware\NitroRansomware\obj\Debug\X2A.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ