Resubmissions

19/04/2024, 14:52

240419-r82wmafb32 10

19/04/2024, 14:48

240419-r6mnxsfa59 10

General

  • Target

    dotNET_Reactor.zip

  • Size

    16.9MB

  • Sample

    240419-r82wmafb32

  • MD5

    f4426ffd6d641bca1161b4ccca04a63c

  • SHA1

    0262e258dc37f47b49e13355ff90d370d7bb53ba

  • SHA256

    30202655ac09c4e87af419d8b461a2195fcc353f6ee7a6816b8075726e3e750b

  • SHA512

    d89d070a62c9c850362a50e2922e1670a2473de38635dce7db7d32f91ec6a206c744e496a6da07c1e8460c5799f0883434a523e9d2ad171b90a88a801ae8c0ea

  • SSDEEP

    393216:b0VcN4+XvRmPcT9Gh4MWhBwdA3gBpvc1fXyQlDVq8fB2nCZu7iqwLme:b0A/EPo9VMsB1WENVfdqAu4V

Score
10/10

Targets

    • Target

      dotNET_Reactor/Help/License Agreement.html

    • Size

      20KB

    • MD5

      06c924279196f41e26319f9bf5e65bfa

    • SHA1

      3c0077fdcb7fe9d2414e8490a165c5d45c78ac75

    • SHA256

      ea175c9d9d6597cc35aebc53a6bdc10e1e914c6d5d6fc6c19e0da78b11b4b137

    • SHA512

      d3234456a399628e0e4178612c1ebb02a37e74c3226f7cf31a1aa0330644debbe8f8095a83a7cb41dfc3ddd22695f8853a866094f0814d4698227de875625816

    • SSDEEP

      384:Dhbkegxb0Fac9mfn3+2YCjDoAOIdHNY0B+:lAhxWfOnO6PAYq0B+

    Score
    1/10

    • Target

      dotNET_Reactor/Help/REACTOR_HELP.exe

    • Size

      2.6MB

    • MD5

      db1c91c8d1d7573371cac6a51bf3a1b9

    • SHA1

      291fe96baeeca49fd4271f06b885477de284bf9c

    • SHA256

      a3f0cebda251dcf4ccb5915d8ead90771f76e0df9fbb35193b74e4687852d473

    • SHA512

      da066b919316ce98255562c41c4267dd3059695028d8c8b19ed1303a57b909efe0a333bb2d7a5020c5c0c88824e233242548d3673d7f8a01db11a393b92da3ca

    • SSDEEP

      49152:7REPdRPWz0aXp8YttmYTnPFVpqW3LPDt78wqqRL9q2mhUdot8fsgL6WnWNM:72I0opZfTnPJVPDt78wqqlrm6St8fYWz

    Score
    4/10

    • Target

      dotNET_Reactor/NCC3.dll

    • Size

      72KB

    • MD5

      aa84f91edd922e7b3bb979e663c94f1a

    • SHA1

      da46b9962a6c6cceef38c3e11b8b5bc9c1b536fa

    • SHA256

      38274608d5a4b53ec22f8099f798ba46ce0ed41db65a33dfb3853f0dbf849f6f

    • SHA512

      88392fc77a0300ece306908867be38011530d9eefdf003452ba86d82f2fa4a61c2b27a199f376ac307c095beaa4f52cefcab59c8b28fa187c0bca13f55f2d98b

    • SSDEEP

      1536:a44UF/3qab79HtYDAD5MPEBq9iNv6qfSOBHfVW:a44G3fRMPiuuv6qqOBHfVW

    Score
    3/10

    • Target

      dotNET_Reactor/VS08ReactorAddin.dll

    • Size

      133KB

    • MD5

      b4c1e8023be1bd3af8425885ed5d02ce

    • SHA1

      0d6e7eb3f8a6a442d7f7c030ddb0bdc5d907deed

    • SHA256

      1952313f3a5c3b4e7a1269238dc070301c356bfb876471332d6439b6d3eefd12

    • SHA512

      be0dec723b045afba3799435329b4c6dfa19997a4ba23725236f449990392f8531574eef1bf786bcf36777e7b72314d7210ed9e5508b114ae9a4112613436401

    • SSDEEP

      1536:J1Ep+y0dr95DbEX1sJOSJCZQweMdYU+ZQweMdYU9:HS+y01fbEX+JOk

    Score
    1/10

    • Target

      dotNET_Reactor/VS13ReactorAddin.dll

    • Size

      134KB

    • MD5

      11ca1dfec3eaef207f6393d307cd5815

    • SHA1

      c3e8d5267c6c295a0124dd396026ab07bf28ab09

    • SHA256

      5e0efbda4f047575e7b7cd0ef047bddc7b05d5225f4a98a7d1ac93e28471e742

    • SHA512

      bcac4268e3baf11ae8b8a87d6227f36b3c998040ef5301da5fd24e273d04827a74a5e027feb11decfddacfed2bbd2f86889fde63acf4e5c5c8adbc0e1b7ec935

    • SSDEEP

      1536:xNfSLgOxb0fEonTpODxuHfr97OCzF1KRsNVpbdTRkr1sJOSJ4ZQweMdYUsZQweMc:xtScE8TIDefr97jFARsfpbd14+JOL

    Score
    1/10

    • Target

      dotNET_Reactor/VSPackage/15/dotNETReactorVSPackage.dll

    • Size

      494KB

    • MD5

      0a19a82669aec04520d5e4975483ba6e

    • SHA1

      60a1ef331007b2bb4e1f9f0227343ffc91981a2f

    • SHA256

      6af5fe0ee6ef40d813e22c376dfb0e2f240fd18cc9212370242449c343ab299f

    • SHA512

      b76d54814eee0f2daaa641d3a2de8a89926115a53e13f1dc2a64d39aa7ca60d46c2f324e28b64978b4416c9135238b6bf7cf2b1b85506efe9bbe28940a396431

    • SSDEEP

      768:Hcm08y23H9mFFcYdUtMfxVgkJWDXbcZj5XLwIiiiSSSSSSSSSSiiiiSSSSSSSSS6:8mHAFFcrIhWDXbcZ5w1nZQweMdYUp

    Score
    1/10

    • Target

      dotNET_Reactor/VSPackage/16/dotNETReactorVSPackage.dll

    • Size

      519KB

    • MD5

      64fab9617e4e2d948d68d9c11823039c

    • SHA1

      a708dad42af651055b327a83e45954e368a6d343

    • SHA256

      f4eacdb8c20c93fd4d7d1c4ef2c02c0949ac6eb2a7661a759f18613a100ce3ae

    • SHA512

      4facf00b4e3348836a2ab51f6a442aca790c868e3abbff285a5043b885d82c453c9675717ca513ab33386cd559d2830a2178e16feea13c97d9849492900a098c

    • SSDEEP

      3072:x/1RKji2074wvPR3TbMNRuWwRl1ASqqWT:xl4cPZbTWwRl1ASq

    Score
    1/10

    • Target

      dotNET_Reactor/VSPackage/17/dotNETReactorVSPackage.dll

    • Size

      520KB

    • MD5

      485ef536675fe48be65aa52158db8c75

    • SHA1

      4f621754107cf58d7c45ae613b52ce13347982fc

    • SHA256

      a53c16197c7c83e42c08d3e273e11467f991f85ec804686801c5ffcf073cb2f8

    • SHA512

      44c1abab67a9c19d5f79388ee859dbd439c555c623d49fc286281c33f4fe492b2d02b578ce555711700d84e4de3f47512e532437ae5e15209597bbfceeeb4109

    • SSDEEP

      1536:QLxQ2UWs68E3+BoQYNzJ6K3IbzMOJXRuGO26RciJ191Ak9VViqvn:iBUWsUvNd3IbJ1RuhRl1ASqqvn

    Score
    1/10

    • Target

      dotNET_Reactor/VSPackage/dotNET Reactor VSPackage.dll

    • Size

      79KB

    • MD5

      1d0bcae08d5dbeda966db1c40bfb1e63

    • SHA1

      cd4226f668ba3ec60cb43f07b93cfd6030b33c72

    • SHA256

      467f0149653f4f902e04c09680b3688331dd864d3c5b19a11823700a1088d887

    • SHA512

      e5ae9cc174a0282f492f5740f50e73c40c64ab4de6a4d08f47067dce1321d7e88ce7bfc254bfdd6e5a9092f3d1e8018c9e0f27a0c15087b06ab9cf561c58b7f1

    • SSDEEP

      1536:N8nMmUIi/v3vTJAgcic/CIbLfIruIZQweMdYUD:aMmU5Xs33bsrd

    Score
    1/10

    • Target

      dotNET_Reactor/VSReactorAddin.dll

    • Size

      97KB

    • MD5

      afc9814513e9cfb6a7905f1e6186e195

    • SHA1

      641c75d7f0891fe5a4007b57cff863ee667a6d29

    • SHA256

      a2629e2c3bf06260116bd88b07a8ee4fc8846367c9d8de53608ad5b4aadeb9db

    • SHA512

      34ec4738c20b16fb22f600b0be84647a127d7c134365d53e78b8b3fcc5b38a4a91390503fd4d445b439831fe0fbd4a5bfa70216dc53c8df5daaa2b9f084a5f50

    • SSDEEP

      1536:mnQAvDNONuHEEJTRkfLCbZGCZQweMdYUA1sJOSJE:lAvJKukYdkObZGt+JOt

    Score
    1/10

    • Target

      dotNET_Reactor/VSReactorAddin_Mycc.dll

    • Size

      83KB

    • MD5

      647a20820ac329add083be7bc04f0596

    • SHA1

      fa7ea97a29f9e32921cbe0a9d3093cf9e8f3bcd3

    • SHA256

      05d8a7d2562b9808c3c1bcea19dc7db9ad9ad9f64f21b386d2c7ee67b83e5dc8

    • SHA512

      e191f0e156b6aa2fe66cf884f3ce50c14cb1437b131ec7e64a038a52ee9700529d47f6d08313bcffeefce446e1e0f30c8d489798359448b5b50fb32d269fa95a

    • SSDEEP

      768:aeToqJPCR81M6CJoXKR2TZfWXNKeINdM0mDUNq1Q5DJOSJqb4+Hr9Or3bZGuewL5:aMo3W1HtZQweMdYUA1sJOSJ3iCbZGw

    Score
    1/10

    • Target

      dotNET_Reactor/dotNET_Reactor.Console.exe

    • Size

      34KB

    • MD5

      69d18a3245f3c2fd02c82304c494e977

    • SHA1

      049cda6bc59daeadfe82fce2197e0e15c2847a7b

    • SHA256

      b55b0a652538836ed681c2afd985310fd39ad2f31ac159847fc46a6065f3232e

    • SHA512

      5791cffbc2389eaaf18e4f31c320325d4bdfadf7ab00c847bfedccbea8fec26a3f4452877d00c95e0573e90306d7a2c988c00fcb7d495ac22955c7f64fb047c3

    • SSDEEP

      768:5oOABBREOgrMTPrZwbiRPp7yMkZwuzZyiRYn7:5oHB2OlfZwbixp7yMkZwWZyien7

    Score
    10/10

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      dotNET_Reactor/dotNET_Reactor.exe

    • Size

      13.3MB

    • MD5

      bd73df4cf427511993075f7a16e037a5

    • SHA1

      63f116641b0655f53e93d62ae559d510ed5af134

    • SHA256

      fa0a32d408a8df70ec44f3d2374b058f57b86ff49b8068b8c68f8505d3463970

    • SHA512

      49ad63e65e1f6a454778c904727c948969145eb09457105093af463d933413a7d30437051c7ddb8ded0b46d38b2018a1a78c83af582ab6775bef870057a9dfc3

    • SSDEEP

      393216:xfuP82nPJiP63TKZqkoPrSz4rkZD1K1fU:xqPIPgTxkqrV6YN

    Score
    10/10

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      dotNET_Reactor/runtimes/brolib_x64.dll

    • Size

      804KB

    • MD5

      8088c07ec85e0d3149a9ba7c03129d16

    • SHA1

      8341cf644ef0d94e5f7088bb478f19718586284a

    • SHA256

      b3ab6d185c0f2d4af15df8c0af800a5c3dfcd725454da8809a9168587ef3c3e8

    • SHA512

      7bb73483d8b4fad17e5c9792eaf2ecf88347d33aa38d0533579be9b25b516deed292c404334a5f5d242911c4a21e5ce5bc22bbcbed6f1aee4f7003572701ad04

    • SSDEEP

      12288:Or3Tvu99YBDQCzVgi0LQJnN8ZXTw05nmZfRLMIAHhly9UF:OXvcY6JMJSiAmZfRL7Ama

    Score
    1/10

    • Target

      dotNET_Reactor/runtimes/brolib_x86.dll

    • Size

      741KB

    • MD5

      f32f8264a9be91fb4fc76e70943e67ab

    • SHA1

      aa8d5ede0dd3647fb02c5d37c915b7599e0fff45

    • SHA256

      993e764d172013dc43ead42a6d8e807194530957dffa06d5eec9b53e2a00934c

    • SHA512

      1c29004739717c6c360b04bf66542828aad9f34bf0cc37e4a780c2613141c1e846d67b69dd7537479a488064147c5ba9530b4eb9b5171cdff8b5394314174e1e

    • SSDEEP

      12288:xQsZg52nrBEgCF5kD2XFm2+3m2R9h8UXTw05nmZfRWMmAHhlyIu:xs2n1ExkD2XFm2+3m2+fAmZfRWVAx

    Score
    3/10
