Rainbows, Steganography and Malware in a new .NET cryptor | Malwarebytes Labs
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 |
Common Information
| Type | Value |
|---|---|
| UUID | 9cee44dc-41af-472b-9ef1-edce0825b63f |
| Fingerprint | 3c1379e9f8051ff2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 7, 2015, midnight |
| Added to db | Jan. 18, 2023, 8:35 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Rainbows, Steganography and Malware in a new .NET cryptor |
| Title | Rainbows, Steganography and Malware in a new .NET cryptor | Malwarebytes Labs |
| Detected Hints/Tags/Attributes | 46/1/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | decoder.py |
|
| Details | Domain | 1 | stream1.read |
|
| Details | Domain | 7 | random.next |
|
| Details | File | 1 | discuri.exe |
|
| Details | File | 1 | ermhcla.dll |
|
| Details | File | 2 | major.exe |
|
| Details | File | 55 | payload.exe |
|
| Details | File | 1 | bytes.txt |
|
| Details | File | 1 | rev_key.txt |
|
| Details | File | 2 | decoder.py |
|
| Details | File | 103 | regasm.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 48 | applaunch.exe |
|
| Details | File | 72 | regsvcs.exe |
|
| Details | File | 2 | efs.exe |
|
| Details | File | 1 | cryptsvc.exe |
|
| Details | File | 1 | %appdata%\microsoft\windows\templates\takshost.exe |
|
| Details | File | 1 | %appdata%\microsoft\windows:\cryptsvc.exe |
|
| Details | File | 3 | config.jpg |
|
| Details | md5 | 1 | c215514941f8d99f23642050a6efbbf1 |
|
| Details | md5 | 1 | 7b29954d5cbe7ca9dcd3218476afa133 |
|
| Details | md5 | 1 | 35d92229414f00a5335cc9957819b5d0 |
|
| Details | md5 | 1 | 8b17d0360521852d87e07f3ca66a5ac7 |
|
| Details | md5 | 1 | 88fbb83445929812deaae6da358d0b7c |
|
| Details | IPv4 | 1 | 198.46.81.172 |