General

  • Target

    1337SpooferSetup.exe

  • Size

    4.3MB

  • Sample

    241222-w1438svrhk

  • MD5

    aa0caf7f35863630a4346b38a4b93feb

  • SHA1

    59dc431eb64a454091fe46d7b558d43050a98e9a

  • SHA256

    3ef7e7ec9573f151b07fa12204be8142f74dcf3f60117cc6ab6da4358f230c81

  • SHA512

    fb897a8dfebde048793228484b9464a303412296b61b954e81d9e19618ff923a033c6a41afd1a19365b5eb8d1dc1d9b6d414d2885899112748df05684df591c4

  • SSDEEP

    98304:RwREPS1/VRKM8/idJzdvPdSJSGc3RuRJ9mhSVCsvehybenaReX+:DPyzK2d3vVphcmhg0eD++

Score
7/10

Malware Config

Targets

    • Target

      1337SpooferSetup.exe

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks