ObfuscatedNETDropper
.NET 4.0 dropper with heavy obfuscation. Future timestamp anti-analysis. RSA+AES crypto (RSACryptoServiceProvider + AesCryptoServiceProvider). Drops randomly named Efyfqp.exe payload. Long random obfuscated strings. GUID {1F4B02DF-696E-486A-8B35-F56CCA1C23C6}.
Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: Unknown
First Seen: 2024
Targets: Global
Purpose / Capabilities
- Payload Dropper/Loader
No C2 servers have been identified for this family yet.
Research Reports (1)
ObfuscatedNETDropper 670781d0 -- Future-Date Timestamp Anti-Analysis, AesCryptoServiceProvider RSACryptoServiceProvider .NET Crypto, Efyfqp.exe Scrambled Renaming, Long Random Obfuscated Strings | Medium
ObfuscatedNETDropper 670781d0 PE32 .NET x86 605KB. Future-date timestamp anti-analysis. AesCryptoServiceProvider, RSACryptoServiceProvider. Efyfqp.exe scrambled renaming. Long random obfuscated strings.