General

  • Target

    xerin crack.rar

  • Size

    9.9MB

  • Sample

    250123-d2f4pa1mam

  • MD5

    a15866c548f1e37a3aabce6cc12bdddf

  • SHA1

    1473a79dbdaaad906edbdb37962c76b13b9b5b35

  • SHA256

    45d90987185d40aa6e0dfccc4076409db0470ea85877e8bad8fcb44cfb68db88

  • SHA512

    3eb0642db1f601e4e12126a0b2c54766d6673ba053b207357dbabf5bfa54df6dddac8c5c9f070c51acceca7ae68c2617d4590e5113555600b7bfbfa8bd24544a

  • SSDEEP

    196608:8LzjT6/GkXBXYU+6apQLeZ6Jyf6B9XUuOUN63wcEYenX/:IT6ZRXYpiy6w6rNedE9

Malware Config

Targets

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks