General

  • Target

    Xerin v3.0.0.59.rar

  • Size

    4.7MB

  • Sample

    250120-ew76na1jgw

  • MD5

    b1b9ce6a455649253783c7b2f9073d27

  • SHA1

    547e7f647694c8a2f6766446709f035be4d236b4

  • SHA256

    d33a9c6c7e86f71ffdc4eed91a9901f7bd2b973d0cf5e22679438d607119c224

  • SHA512

    da2d6d6c54015fb073f0f55435edf9a03330c16c39542e6c97b0114bd5d5f86d7934f030e7bd50800f2e5ae22c0442605daedbc24b4b511da40239836386ffc0

  • SSDEEP

    98304:o3DRzDUwPjyz2s3JiExI5+Xy14+mgvvxFsT+qftqCdc:UNzjrYJZ5jXWXjU+UtI

Score
7/10

Malware Config

Targets

    • Target

      Xerin v3.0.0.59.rar (4.7MB; the same file as under General, with identical MD5, SHA1, SHA256, SHA512 and SSDEEP values)

    Score
    7/10
    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a library that the sample itself wrote to disk during the analysis.

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which stops the calling thread from delivering debug events to an attached debugger. This is a common anti-analysis technique and one reason to run the dropped executable under a debugger that hooks or neutralises this call.
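
The three behavioural signatures above are all derived from the sample's API trace. The following is an added example, not code from the report or from the Triage sandbox, that replays a constructed API trace through minimal versions of those three checks: it records files written by the sample's processes, flags process creation and library loads from those dropped paths, and flags NtSetInformationThread with information class 0x11 (ThreadHideFromDebugger). The trace format, the paths and the PIDs are invented for this example and are not the sandbox's real log format or data from this analysis.

```python
import re

# THREADINFOCLASS value for ThreadHideFromDebugger (17). A thread in this state
# no longer delivers debug events, which is what the report's
# "NtSetInformationThreadHideFromDebugger" signature keys on.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed API trace in a simple "<pid> <api>(<k>=<v>, ...)" shape made up
# for this example; it is not tria.ge's log format and not data from the report.
SAMPLE_TRACE = r"""
1234 NtCreateFile(path=C:\Users\user\AppData\Local\Temp\svc.exe, access=GENERIC_WRITE)
1234 NtWriteFile(path=C:\Users\user\AppData\Local\Temp\svc.exe, size=212992)
1234 NtCreateFile(path=C:\Users\user\AppData\Local\Temp\helper.dll, access=GENERIC_WRITE)
1234 NtWriteFile(path=C:\Users\user\AppData\Local\Temp\helper.dll, size=65536)
1234 CreateProcessW(path=C:\Users\user\AppData\Local\Temp\svc.exe, pid=2048)
2048 LoadLibraryW(path=C:\Users\user\AppData\Local\Temp\helper.dll)
2048 LoadLibraryW(path=C:\Windows\System32\kernel32.dll)
2048 NtSetInformationThread(thread=0xffffffff, class=0x11, buffer=0x0, length=0)
2048 NtSetInformationThread(thread=0xffffffff, class=0x2, buffer=0x19ff40, length=4)
"""

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")


def parse_trace(text):
    """Return a list of (pid, api, args) for each well-formed line; skip the rest."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid, api, argstr = int(m.group(1)), m.group(2), m.group(3)
        args = {}
        for part in argstr.split(", "):
            if "=" in part:
                k, v = part.split("=", 1)
                args[k.strip()] = v.strip()
        events.append((pid, api, args))
    return events


def run_signatures(text, sample_pid):
    """Replay the trace and return a list of (signature, pid, detail) hits."""
    tracked = {sample_pid}   # processes attributed to the sample
    dropped = set()          # lower-cased paths the sample's processes wrote to disk
    hits = []
    for pid, api, a in parse_trace(text):
        if pid not in tracked:
            continue         # ignore processes that are not part of the sample's tree
        path = a.get("path", "").lower()
        if api == "NtWriteFile" and path:
            dropped.add(path)
        elif api == "CreateProcessW":
            child = int(a.get("pid", "0"))
            if child:
                tracked.add(child)   # follow the child so its own calls are attributed
            if path in dropped and path.endswith(".exe"):
                hits.append(("Executes dropped EXE", pid, path))
        elif api == "LoadLibraryW":
            if path in dropped and path.endswith(".dll"):
                hits.append(("Loads dropped DLL", pid, path))
        elif api == "NtSetInformationThread":
            # int(x, 0) accepts both "0x11" and "17"
            if int(a.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger",
                             pid, a.get("thread", "?")))
    return hits


if __name__ == "__main__":
    for sig, pid, detail in run_signatures(SAMPLE_TRACE, sample_pid=1234):
        print(f"{sig}: pid {pid} ({detail})")
```

Run against the constructed trace this reports one hit per signature: the parent PID 1234 launching the dropped svc.exe, the child PID 2048 loading the dropped helper.dll, and the child's ThreadHideFromDebugger call. The kernel32.dll load and the second NtSetInformationThread call (class 0x2) are not flagged, which is the point of keying on the dropped-path set and on the information class rather than on the API name alone.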

MITRE ATT&CK Enterprise v15

Tasks