General

  • Target

    xerinfuscator.zip

  • Size

    10.4MB

  • Sample

    250109-wpwygswqbz

  • MD5

    382ffb362e481e1fb534b55a927fe793

  • SHA1

    5c22acdf4436c85b88d9848b6db415a2192c70cc

  • SHA256

    1527d0024d22f1250dcc0961043401bc9fd287ea0861078b931e1ab12c3a4925

  • SHA512

    d76d2cbeb4bf37f7fcca1b4c55e8c008a2bbef04cb025bbbaad1f5b8b0da0baa163177a0620a5fc1300bbd18d042750fd92f466f325760c6badb7e0e1bacbf5d

  • SSDEEP

    196608:bqdYVjY+zFTuym/YTkpH3KKDVYJarjC94sQzbu/Qvvcb3OvIPRX1v3jOYAThr:b1xzdYNH3KKhYJarV+Q8yGX5zGt

Score
7/10

Malware Config

Targets

    • Target

      emu/KeyAuthEmu1.3.exe

    • Size

      135KB

    • MD5

      6a1e370f2ea783fe05fc4e7e8f2bb0fe

    • SHA1

      1b974c9ed7ce6442ba1947c64d6f1ddaff75c775

    • SHA256

      93482943e4b184bf53b7b19c460fd273d24c5faf0ec98b7c2e2e1e7eee9282ac

    • SHA512

      ec6f585f81622bb6dacedbeda7ce37b4f4969c576a2b32402aa5228b8087e94a7dba570870698dadf40dab1db9b87c1a502fbc5a035edb4b037662903b929714

    • SSDEEP

      3072:zhK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfx9RhBur:zhK4XycqgpfCup5sVxuZ041RhA

    Score
    7/10

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks