General
-
Target
Xerin v3.0.0.59.rar
-
Size
4.7MB
-
Sample
250120-ew76na1jgw
-
MD5
b1b9ce6a455649253783c7b2f9073d27
-
SHA1
547e7f647694c8a2f6766446709f035be4d236b4
-
SHA256
d33a9c6c7e86f71ffdc4eed91a9901f7bd2b973d0cf5e22679438d607119c224
-
SHA512
da2d6d6c54015fb073f0f55435edf9a03330c16c39542e6c97b0114bd5d5f86d7934f030e7bd50800f2e5ae22c0442605daedbc24b4b511da40239836386ffc0
-
SSDEEP
98304:o3DRzDUwPjyz2s3JiExI5+Xy14+mgvvxFsT+qftqCdc:UNzjrYJZ5jXWXjU+UtI
Malware Config
Targets
-
Target
Xerin v3.0.0.59.rar
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger