2024-10-12_d4a2ce84aaa7a18806aa204088a901a1_hiddentear_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-12_d4a2ce84aaa7a18806aa204088a901a1_hiddentear_hijackloader
Size

248KB
MD5

d4a2ce84aaa7a18806aa204088a901a1
SHA1

eea84510de73479ca0a9a16f78c881b34e2d0cce
SHA256

2139427e9a599404937ca12273739f3c384b2c2eded48f7428f1c3eec856b794
SHA512

9dc8e7a013909170c0c909fdb42a579f41fcf692131190fa16f92956261b9381876d9e0b3455b80809c1db4ae468a70caa455818753e3544196aef5dab165280
SSDEEP

3072:EmdKeUVx9ERGFCVuhgm7NiIzi3UfbucyOPQysNHvomauAM+lmsolAIrRuw+mqv94:ENeUiGFCVLsNiIr6hjNHvauT+lDAAw

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

2024-10-12_d4a2ce84aaa7a18806aa204088a901a1_hiddentear_hijackloader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

Issuer

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

Not Before

09-10-2024 03:14

Not After

08-10-2025 00:00

Subject

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

Issuer

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

Not Before

09-10-2024 03:14

Not After

08-10-2025 00:00

Subject

CN=Moscow LLC,OU=666,O=KITCHEN,L=emulation,ST=Z,C=Z

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:9c:3d:08:13:1e:dd:0f:3a:a5:9e:a7:f3:54:1b:69:eb:13:97:bd:ba:c3:bc:14:4b:5a:ac:ce:9a:c1:4b:19
Signer

Actual PE Digest

55:9c:3d:08:13:1e:dd:0f:3a:a5:9e:a7:f3:54:1b:69:eb:13:97:bd:ba:c3:bc:14:4b:5a:ac:ce:9a:c1:4b:19

Digest Algorithm

sha256

PE Digest Matches

true

43:cc:be:ec:c0:57:5b:74:35:91:d1:09:82:0d:2e:6a:01:0b:e5:27
Signer

Actual PE Digest

43:cc:be:ec:c0:57:5b:74:35:91:d1:09:82:0d:2e:6a:01:0b:e5:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fdCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fdCertificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

55:9c:3d:08:13:1e:dd:0f:3a:a5:9e:a7:f3:54:1b:69:eb:13:97:bd:ba:c3:bc:14:4b:5a:ac:ce:9a:c1:4b:19Signer

43:cc:be:ec:c0:57:5b:74:35:91:d1:09:82:0d:2e:6a:01:0b:e5:27Signer

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 134KB - Virtual size: 133KB

.rsrc Size: 99KB - Virtual size: 98KB

.reloc Size: 512B - Virtual size: 12B

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

7c:0f:9e:6a:af:10:f8:4c:89:3a:cd:43:5c:d7:f8:fd
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

55:9c:3d:08:13:1e:dd:0f:3a:a5:9e:a7:f3:54:1b:69:eb:13:97:bd:ba:c3:bc:14:4b:5a:ac:ce:9a:c1:4b:19
Signer

43:cc:be:ec:c0:57:5b:74:35:91:d1:09:82:0d:2e:6a:01:0b:e5:27
Signer

.text
Size: 134KB - Virtual size: 133KB

.rsrc
Size: 99KB - Virtual size: 98KB

.reloc
Size: 512B - Virtual size: 12B