2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader

Sharing

Copy URL

Twitter E-mail

General

Target

2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader
Size

350KB
MD5

c9ad8f950e975cecfc2e85b79326b4f4
SHA1

aecc6400d68559ba92637292644ade24e02b9ddb
SHA256

c9997d5664a47fac12a286025f182ae425a9cf65795ec237b9649a45348273d3
SHA512

0b8825ae1b9bfbf408768c50129c0274ff1b62a1dbe325a3bc8803715ea64059a4c5b898a35e2b32465930f426d713cbf28c4fc2e1f1c6a673163d9aa0d34418
SSDEEP

3072:GUBA5vrL4pq/LABoKxhuKqoa4HLImWV2l+Rp954GvmoLA+rH8BJMM+lmsolAIrRL:05X4pyLAidskFRxrvq+lDAAs

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
sample	net_reactor

Files

2024-10-30_c9ad8f950e975cecfc2e85b79326b4f4_hiddentear_hijackloader
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50
Certificate

Issuer

CN=sverka,OU=213,O=Audit LLC,L=Mountain,ST=404,C=ru

Not Before

30-10-2024 02:47

Not After

31-10-2025 00:00

Subject

CN=sverka,OU=213,O=Audit LLC,L=Mountain,ST=404,C=ru

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50
Certificate

Issuer

CN=sverka,OU=213,O=Audit LLC,L=Mountain,ST=404,C=ru

Not Before

30-10-2024 02:47

Not After

31-10-2025 00:00

Subject

CN=sverka,OU=213,O=Audit LLC,L=Mountain,ST=404,C=ru

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26-09-2024 00:00

Not After

25-11-2035 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:06:a1:b1:05:f0:4a:56:4b:2a:3a:02:97:f9:6c:72:50:d1:ae:cf:71:ed:64:05:d9:e4:18:3c:b1:77:64:35
Signer

Actual PE Digest

d0:06:a1:b1:05:f0:4a:56:4b:2a:3a:02:97:f9:6c:72:50:d1:ae:cf:71:ed:64:05:d9:e4:18:3c:b1:77:64:35

Digest Algorithm

sha256

PE Digest Matches

true

3e:7d:40:a5:ca:9f:e0:b5:1e:06:dd:a7:e4:f6:a9:28:81:ab:6e:ed
Signer

Actual PE Digest

3e:7d:40:a5:ca:9f:e0:b5:1e:06:dd:a7:e4:f6:a9:28:81:ab:6e:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

d0:06:a1:b1:05:f0:4a:56:4b:2a:3a:02:97:f9:6c:72:50:d1:ae:cf:71:ed:64:05:d9:e4:18:3c:b1:77:64:35Signer

3e:7d:40:a5:ca:9f:e0:b5:1e:06:dd:a7:e4:f6:a9:28:81:ab:6e:edSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 236KB - Virtual size: 235KB

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 12B

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

bf:cb:bb:55:c8:28:57:44:90:5d:fa:39:2e:25:2e:50
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

d0:06:a1:b1:05:f0:4a:56:4b:2a:3a:02:97:f9:6c:72:50:d1:ae:cf:71:ed:64:05:d9:e4:18:3c:b1:77:64:35
Signer

3e:7d:40:a5:ca:9f:e0:b5:1e:06:dd:a7:e4:f6:a9:28:81:ab:6e:ed
Signer

.text
Size: 236KB - Virtual size: 235KB

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 12B