General

  • Target

    xerin crack.rar

  • Size

    9.8MB

  • Sample

    250121-z3b21s1qel

  • MD5

    a3b3eaa8abf511a32a15b88cff22c1b3

  • SHA1

    1f7b5ac08993267bd38197600c94c01ff03cb19e

  • SHA256

    e330f6393bb496647274669ed971d1cc11e869b6a2e4cc6de9ff81a5e3facc98

  • SHA512

    0ab044256f90033644b19e18a43cb9ca3d6513c47ab178b31589e108d14dc8f95e0fdbab74db6f6ba2ac3899ba138bcf588abf73c983e722dc3eb378c113f304

  • SSDEEP

    196608:LZzjTATGyXYXtU+zapQLeZ6Jyf6B9XUuOUN63wcEYon6:VTAPoXtpby6w6rNedE2

Malware Config

Targets

    • Target

      xerin crack.rar

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops debug events for that thread from reaching an attached debugger; a common anti-debugging technique.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks