NETDropper
.NET dropper using Spanish invoice lure (Factura). Drops XZvu.exe embedded PE payload. AES encryption (TAes! reference). Entropy 7.90 maximum packing. Pure .NET binary (single import mscoree.dll). System.Drawing.Bitmap image manipulation.
Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: HTTPS
First Seen: 2023
Targets: Latin America/Spain
Purpose / Capabilities
- dropper
No C2 servers have been identified for this family yet.
Research Reports (1)
NETDropper Facturaelectriccorrespo -- XZvu.exe Embedded PE Payload, Entropy 7.90 Maximum Packing, TAes AES Encryption Evidence, mscoree.dll Single-Import Pure NET Binary | High
NETDropper Facturaelectriccorrespo ZIP 948KB net PE 1MB. XZvu.exe embedded PE payload. Entropy 7.90 maximum packing. TAes AES encryption. mscoree.dll single import, pure NET binary.