General
-
Target
xerinfuscator.zip
-
Size
10.4MB
-
Sample
250109-wpwygswqbz
-
MD5
382ffb362e481e1fb534b55a927fe793
-
SHA1
5c22acdf4436c85b88d9848b6db415a2192c70cc
-
SHA256
1527d0024d22f1250dcc0961043401bc9fd287ea0861078b931e1ab12c3a4925
-
SHA512
d76d2cbeb4bf37f7fcca1b4c55e8c008a2bbef04cb025bbbaad1f5b8b0da0baa163177a0620a5fc1300bbd18d042750fd92f466f325760c6badb7e0e1bacbf5d
-
SSDEEP
196608:bqdYVjY+zFTuym/YTkpH3KKDVYJarjC94sQzbu/Qvvcb3OvIPRX1v3jOYAThr:b1xzdYNH3KKhYJarV+Q8yGX5zGt
Malware Config
Targets
-
Target
emu/KeyAuthEmu1.3.exe
-
Size
135KB
-
MD5
6a1e370f2ea783fe05fc4e7e8f2bb0fe
-
SHA1
1b974c9ed7ce6442ba1947c64d6f1ddaff75c775
-
SHA256
93482943e4b184bf53b7b19c460fd273d24c5faf0ec98b7c2e2e1e7eee9282ac
-
SHA512
ec6f585f81622bb6dacedbeda7ce37b4f4969c576a2b32402aa5228b8087e94a7dba570870698dadf40dab1db9b87c1a502fbc5a035edb4b037662903b929714
-
SSDEEP
3072:zhK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfx9RhBur:zhK4XycqgpfCup5sVxuZ041RhA
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-