General
Target: Vorion App Setup.exe
Size: 47.3MB
Sample: 240703-dcfrmatepc
MD5: 019deea60b1ed114c79d7e99d6f34c62
SHA1: 71e928e93900ab62d379104fd0c847f35e6f87ce
SHA256: 48320cb8fd5ed9a3ccbaf9fc03bd160c3694c79d0efc8a8cf899069fc1d8e677
SHA512: 8c0ad3b65fe10f9fd16ef54e432b2dbca31343d62820f9ec63028a810bb2088397c2c7db4c2689ca39eceb75f3736379ed31d5d0acdd6784def3ca538a93b3c2
SSDEEP: 786432:OeMGFdbCRVH/wb1eGgw6lxr7gyvFRN3GQ5PesBc8t9u4lVqwODANujJ7j8:OQdS/wgGg5nr7gy8sBc8Luu8Akj8
Static task: static1
Behavioral task: behavioral1
  Sample: Vorion App Setup.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Vorion App Setup.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: stealc
vor21
http://45.132.105.157
url_path: /eb155c7506e03ca9.php
Targets
Target: Vorion App Setup.exe
- Detects HijackLoader (aka IDAT Loader)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext