General
-
Target
xerin crack.rar
-
Size
9.9MB
-
Sample
250123-d2f4pa1mam
-
MD5
a15866c548f1e37a3aabce6cc12bdddf
-
SHA1
1473a79dbdaaad906edbdb37962c76b13b9b5b35
-
SHA256
45d90987185d40aa6e0dfccc4076409db0470ea85877e8bad8fcb44cfb68db88
-
SHA512
3eb0642db1f601e4e12126a0b2c54766d6673ba053b207357dbabf5bfa54df6dddac8c5c9f070c51acceca7ae68c2617d4590e5113555600b7bfbfa8bd24544a
-
SSDEEP
196608:8LzjT6/GkXBXYU+6apQLeZ6Jyf6B9XUuOUN63wcEYenX/:IT6ZRXYpiy6w6rNedE9
Malware Config
Targets
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger