Extracted

• • Target

    NyroxMain/NyroxV1.2.EXE

  • Size

    51.5MB

  • MD5

    631c3999aa69ec16dd1b76e0d58480c4

  • SHA1

    e7eb0455dd3ce9054df951e97074ccae1e04b3c0

  • SHA256

    28a4844156b5ae9212358fe80e2ec69bfc2b133706aba6b4faa39ac75358b4bc

  • SHA512

    d03c52e7b2177f215d39d1aba571fcfaa54de9046f619e972785a88aaa1aacad39ceed1d7fc90d66cade623555412ed7785dd08410641e23d1f0099f3a36bc2e

  • SSDEEP

    1572864:w+TrPZOWnH799na/bT3rRBcnIIh1hS1mGauoDcB:wkCf3r0ThW4

  Score

  10^/10

  xenoratpersistencepyinstallerratspywarestealertrojanupx

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1

• • Target

    NyroxMain/assets.dll

  • Size

    5.1MB

  • MD5

    773b3b72481fd8ef9b62b5ef0fe8040a

  • SHA1

    a42cbc7aab88689e834c158b24af8722586cf1b4

  • SHA256

    7f93fef11819a9f4b8edd342a1c2d3dbab25698ed75f9713ee1167fa2f852331

  • SHA512

    db7d29100060afc909cbf20bcd6d9c02fc0b29d8ee32606e2d6cf18270484f2b46853cda0b495a85cc7a2e3ae4536030a25216f101dceabf2f972e3375208c38

  • SSDEEP

    768:+UI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUI7yUIn:3

  Score

  1^/10
  behavioral2