General
Target: xerin crack.rar
Size: 9.8MB
Sample: 250120-ex6zzs1mem
MD5: 22c617e01518b7af9cf89c109185631e
SHA1: 3a59de9b90ef48caae36bf62d8f09bb00b3fc0f2
SHA256: a94de5946f421edbc0bb42120a92120298229e9cfc704ebe62f36618f85d4326
SHA512: 7a48b734a7bbc13fb11451dff9074a120527eba7198258eb9c14aaf3601411e50531a2870ef85a710b29e167aa8490806fde0102aef8f3641341b3a0c868d9c8
SSDEEP: 196608:4ZzjTATGyXYXtU+zapQLeZ6Jyf6B9XUuOUN63wcEYonJ:eTAPoXtpby6w6rNedE9
Malware Config
Targets
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThread HideFromDebugger