General
-
Target
tmp
-
Size
5.4MB
-
Sample
240419-lyeepaee88
-
MD5
6a1db4f73db4ed058c8cd7e04dfa7cc3
-
SHA1
e3e074af4f3a6ed332eedf518b2d1f9a20314fd6
-
SHA256
0a5355f8e8a6665e7da928c50309b811b88f011d763d0ab5057a8b969992f5ec
-
SHA512
1ce79d2b5f58c9d1f6e68cb86a0d24fec883defd55115640b021816facd4bf3748da5a61b1e5da9f76f6b7a2b6c382b72261536bc28f48d0643a9f8aceb98fde
-
SSDEEP
49152:gzlsiRwPVALodv5ezAayuESxLZfsUyRRBIH2yHnJh4r5Nvo6X29ke0UzMPy7lyE4:gzlsiRtDdnu42yHQDv5o0IKDTNVn
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20240220-en
Malware Config
Targets
-
-
Target
tmp
-
SectopRAT payload
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-