General
Target: Everspy RAT FREE LIMITED.zip
Size: 354.1MB
Sample: 241221-ypvfrsylap
MD5: b8b348da022f9be8a7c19b26903d2e0b
SHA1: e0b53e6f267ef2c2663913eabbb2f011d48acd91
SHA256: c0c1833dc1ee818677c332baa2717bf12f7b571fb6143b87236e72fd67db71d9
SHA512: 6f2dac61f07e94d8ea8a88eadceae248fd48bf3c111947e61484def7aa3b3aed8efc1702582e4c499da39e7008ff04734e83718f8653464b2fa5e5bd853a9705
SSDEEP: 6291456:DfAGSHZYDo48um5a3fs7mez1kP7Lc4rA6ZCknids2RMAc0JTYF+:DAUozuIa3fYz1kTLc4rE1pMeTA+
Malware Config
Targets
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.