50a16d5e07f5877c21f7a924941bd042211fd2cd869a0d7b69b1c7e1b13c66e8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

OmegaX.zip
Size

5.5MB
Sample

240415-lnt3dsbc77
MD5

8f1d96eac987e4873e4f3a38d45aa080
SHA1

21d35cb22aa42dd3a9e3a2463ba890a7bd58c26a
SHA256

50a16d5e07f5877c21f7a924941bd042211fd2cd869a0d7b69b1c7e1b13c66e8
SHA512

3bd2b3e54592d892945ba7f7e9a6a3ec6e42220e0eb2f21bf9542ad235ca1bae876d90fc6184c8c0815ffd5921773b284112b9874602b4110ae182470963995d
SSDEEP

98304:gz5C+lYyL/YkFGL87H8mwFBcQ3I0z/xt3XG9yRn0payfik47kHN0Zuhp22OQpLAX:gw4YyLQk8L87HkFOQ3I0bx1XG9yHxyNY

Score

7^/10

Malware Config

Targets

- Target
  
  OmegaX.zip
- Size
  
  5.5MB
- MD5
  
  8f1d96eac987e4873e4f3a38d45aa080
- SHA1
  
  21d35cb22aa42dd3a9e3a2463ba890a7bd58c26a
- SHA256
  
  50a16d5e07f5877c21f7a924941bd042211fd2cd869a0d7b69b1c7e1b13c66e8
- SHA512
  
  3bd2b3e54592d892945ba7f7e9a6a3ec6e42220e0eb2f21bf9542ad235ca1bae876d90fc6184c8c0815ffd5921773b284112b9874602b4110ae182470963995d
- SSDEEP
  
  98304:gz5C+lYyL/YkFGL87H8mwFBcQ3I0z/xt3XG9yRn0payfik47kHN0Zuhp22OQpLAX:gw4YyLQk8L87HkFOQ3I0bx1XG9yHxyNY
Score

1^/10
behavioral1 behavioral2
- Target
  
  OmegaX/Bin/Lua.xshd
- Size
  
  3KB
- MD5
  
  06c3876d77733fb64b8ec472afc77133
- SHA1
  
  10404820f6f7b1b3eba8be8ed11ce3873cdc1199
- SHA256
  
  4fe8128712ef9160e233ce05034046e90fba572a75f253853d8c21c8b1207a9c
- SHA512
  
  f7f76edd231772118152d3d6a3c2b0668adac4055057d5989cc17da9b15f76695a86debfe327ca149819b5478e89cb9f0ce51fd70753e5e4cd2eb4cc0e42a691
Score

1^/10
behavioral3 behavioral4
- Target
  
  OmegaX/ICSharpCode.AvalonEdit.dll
- Size
  
  598KB
- MD5
  
  b6142f182a86adf382ea845935a327bc
- SHA1
  
  841367a389b4df1207224a26f9e201e593d551d1
- SHA256
  
  7225253a9ca59db879340f9ea8ee4f48006ceadf878d04b446522007fbe3ebb3
- SHA512
  
  a5e4941409b4b06fdf44ec5ebfb5d99cec47b1f348e266e7dc20254e5465deb1abf60d67092b5aa1bd14f52d637b52b380382f838d601b0f3734ea5a406fb068
- SSDEEP
  
  6144:m7zJDqOpyhu6XzDnHYRdioOfP/5GvVTBz/xz0z77OxRmvdM+lNsjXU+9NKsTLO0l:C/9R9VONf
Score

1^/10
behavioral5 behavioral6
- Target
  
  OmegaX/OmegaBytecode.dll
- Size
  
  4.6MB
- MD5
  
  953eaef790a4ba5c6cf5b8c3ba09cb63
- SHA1
  
  923321815d9857099bea2cb6182e7da94babe96d
- SHA256
  
  c5e11cc52e3acf5f43aff47a7fc3b8f46b82d3c616262dd28591d64360b37243
- SHA512
  
  6cfa277ea18bacdbcf34d9313f3faa68ac13e5d4809ce6a8022be752b535d0ca3380eeb849b50644e26814f0f64a4cd20881bffdb5042900e68fa8f220aa78d5
- SSDEEP
  
  98304:8aj947EmXkli1R4029by0Z6e7bH3ZHgtULdmVVIWhdk8W:H9BHi1Rg9W0Z6eXHpHgtUlWC
Score

3^/10
behavioral7 behavioral8
- Target
  
  OmegaX/OmegaX.exe
- Size
  
  868KB
- MD5
  
  2afd4f91c0ccce5ae9fb4140c1c73c74
- SHA1
  
  c824626dc66b67cc8fbf4e706bd896b380c19dac
- SHA256
  
  82ffca06810c9367b072ef3a03828c9ac7024e23d7ddda7257905135a51c1ae2
- SHA512
  
  ade1023938b7fd1d2ff088c7bf26cd359e4a42e2f50cce46890136b7a34f9af8695a06082cd4dd21a9c385adba16d563a5f14a1bc3360ee12d17c3732c3bfa85
- SSDEEP
  
  24576:ZXuRMH2rcqivkRYgQ/jGdfFW4pOa1DRnA1X0:5uu2rcqWkOgOGd7pO0A1X0
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10