13e4828dab5f4bb756b0344cf75aa170dfbb045e991a2ea02f040b1d2e32ef58 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Employee.exe

windows7-x64

7

Employee.exe

windows10-2004-x64

7

Sharing

General

Target

Employee.exe
Size

15.5MB
Sample

240719-t345xatdnd
MD5

94781760555781b76e9588585b4ee9dc
SHA1

af67e2dfdb2dc7f4478d2395808863108d079437
SHA256

13e4828dab5f4bb756b0344cf75aa170dfbb045e991a2ea02f040b1d2e32ef58
SHA512

ab8a110139cedf439630531b72da736f369b0379e53e89a2c78122ced7f27ed74e908a3317640272f0805c46a7b27aee2a59fe400dd53c1702ebdcfe4362b46a
SSDEEP

98304:JdLzoR0QyIxk2qv+MtK7i9C+88888888888SH:JdLzoR0sqv+MkO9

Score

7^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Employee.exe

Resource

win7-20240708-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Employee.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Employee.exe
- Size
  
  15.5MB
- MD5
  
  94781760555781b76e9588585b4ee9dc
- SHA1
  
  af67e2dfdb2dc7f4478d2395808863108d079437
- SHA256
  
  13e4828dab5f4bb756b0344cf75aa170dfbb045e991a2ea02f040b1d2e32ef58
- SHA512
  
  ab8a110139cedf439630531b72da736f369b0379e53e89a2c78122ced7f27ed74e908a3317640272f0805c46a7b27aee2a59fe400dd53c1702ebdcfe4362b46a
- SSDEEP
  
  98304:JdLzoR0QyIxk2qv+MtK7i9C+88888888888SH:JdLzoR0sqv+MkO9
Score

7^/10
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy