Extracted

• • Target

    Spectra Setup.exe

  • Size

    47.6MB

  • MD5

    9865ea7b0c864c9cb7b402d719cc866e

  • SHA1

    dc9e1f78e8b7211ed2390a513cfb1f42d1468c6e

  • SHA256

    cced68e78da1e155cdc09eec9df2bd6e41d8597fbc0084b10e741ebebe7f46b7

  • SHA512

    0ad597ce5bb9f526143574bfaf29076b1ce8dac69b5750b83406914e2005a9f21039f438b05fb03f1c808c93b0f57811c1e4f1c46dd44e10ccf71efca880e4f2

  • SSDEEP

    786432:rjNnc3RM8Wugj/yqiJgNlGxnvG6yRDiWH/9e03f2kzszUyIoBMPj+mRPF:rjNncBG/7i2unvRyx/Z+HIoBa7

  Score

  10^/10

  hijackloaderrhadamanthysstealcdoralands1discoveryexecutionloaderspywarestealer

  • Detects HijackLoader (aka IDAT Loader)

  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

    loaderhijackloader

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Downloads MZ/PE file

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2