7718bdc8b99522e2c42840661fcfb1b91f24166bf158fde9652f500a48e5d97b | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Юрич �...37.exe

windows11-21h2-x64

8

Sharing

General

Target

Юрич лох_Installer1337.exe
Size

507.9MB
Sample

240424-vh4jbade9z
MD5

7d55ddc6f290159b18164ad03c0fc2e6
SHA1

932d94cea968e2150689bd1b72ab58c6ebfb366f
SHA256

7718bdc8b99522e2c42840661fcfb1b91f24166bf158fde9652f500a48e5d97b
SHA512

93c763f0876f3b3d91db458b00fb9751b39753bbf4f76cfcbb517b5ef0c439ce2348f3d3f026383bb91a0749bce9d66e178c00b331b7a8e21c375d29cb19c871
SSDEEP

12582912:fl9dtnPJKNPA9BcVtYJrNDQBuf1ymIG7ZhD+NaPe0f:flhP+BIrNDmutymx1ANoeO

Score

8^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Юрич лох_Installer1337.exe

Resource

win11-20240412-en

discovery evasion persistence

windows11-21h2-x64

24 signatures

300 seconds

Malware Config

Targets

- Target
  
  Юрич лох_Installer1337.exe
- Size
  
  507.9MB
- MD5
  
  7d55ddc6f290159b18164ad03c0fc2e6
- SHA1
  
  932d94cea968e2150689bd1b72ab58c6ebfb366f
- SHA256
  
  7718bdc8b99522e2c42840661fcfb1b91f24166bf158fde9652f500a48e5d97b
- SHA512
  
  93c763f0876f3b3d91db458b00fb9751b39753bbf4f76cfcbb517b5ef0c439ce2348f3d3f026383bb91a0749bce9d66e178c00b331b7a8e21c375d29cb19c871
- SSDEEP
  
  12582912:fl9dtnPJKNPA9BcVtYJrNDQBuf1ymIG7ZhD+NaPe0f:flhP+BIrNDmutymx1ANoeO
Score

8^/10

discovery evasion persistence
- Modifies Windows Firewall
  evasion
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionpersistence

© 2018-2024

Terms | Privacy