General

  • Target

    Everspy RAT FREE LIMITED.zip

  • Size

    354.1MB

  • Sample

    241221-ypvfrsylap

  • MD5

    b8b348da022f9be8a7c19b26903d2e0b

  • SHA1

    e0b53e6f267ef2c2663913eabbb2f011d48acd91

  • SHA256

    c0c1833dc1ee818677c332baa2717bf12f7b571fb6143b87236e72fd67db71d9

  • SHA512

    6f2dac61f07e94d8ea8a88eadceae248fd48bf3c111947e61484def7aa3b3aed8efc1702582e4c499da39e7008ff04734e83718f8653464b2fa5e5bd853a9705

  • SSDEEP

    6291456:DfAGSHZYDo48um5a3fs7mez1kP7Lc4rA6ZCknids2RMAc0JTYF+:DAUozuIa3fYz1kTLc4rE1pMeTA+

Malware Config

Targets

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks