General
-
Target
xerin crack.rar
-
Size
9.8MB
-
Sample
250121-z3b21s1qel
-
MD5
a3b3eaa8abf511a32a15b88cff22c1b3
-
SHA1
1f7b5ac08993267bd38197600c94c01ff03cb19e
-
SHA256
e330f6393bb496647274669ed971d1cc11e869b6a2e4cc6de9ff81a5e3facc98
-
SHA512
0ab044256f90033644b19e18a43cb9ca3d6513c47ab178b31589e108d14dc8f95e0fdbab74db6f6ba2ac3899ba138bcf588abf73c983e722dc3eb378c113f304
-
SSDEEP
196608:LZzjTATGyXYXtU+zapQLeZ6Jyf6B9XUuOUN63wcEYon6:VTAPoXtpby6w6rNedE2
Malware Config
Targets
-
-
Target
xerin crack.rar
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-