General

  • Target

    xerin crack.rar

  • Size

    9.8MB

  • Sample

    250120-ex6zzs1mem

  • MD5

    22c617e01518b7af9cf89c109185631e

  • SHA1

    3a59de9b90ef48caae36bf62d8f09bb00b3fc0f2

  • SHA256

    a94de5946f421edbc0bb42120a92120298229e9cfc704ebe62f36618f85d4326

  • SHA512

    7a48b734a7bbc13fb11451dff9074a120527eba7198258eb9c14aaf3601411e50531a2870ef85a710b29e167aa8490806fde0102aef8f3641341b3a0c868d9c8

  • SSDEEP

    196608:4ZzjTATGyXYXtU+zapQLeZ6Jyf6B9XUuOUN63wcEYonJ:eTAPoXtpby6w6rNedE9

Malware Config

Targets

    • Target

      xerin crack.rar

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks