ObfuscatedNETDropper

Heavily obfuscated .NET 4.0 dropper. Uses a future-dated timestamp as an anti-analysis measure and RSA+AES crypto (RSACryptoServiceProvider + AesCryptoServiceProvider). Drops a randomly named payload, Efyfqp.exe. Contains long random obfuscated strings. GUID {1F4B02DF-696E-486A-8B35-F56CCA1C23C6}.

Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: Unknown
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Payload Dropper/Loader
No C2 servers have been identified for this family yet.

Research Reports (1)

Medium

ObfuscatedNETDropper 670781d0 -- Future-Dated Timestamp Anti-Analysis, AesCryptoServiceProvider RSACryptoServiceProvider .NET Crypto, Efyfqp.exe Scrambled Renaming, Long Random Obfuscated Strings | Medium

ObfuscatedNETDropper 670781d0 PE32 .NET x86 605KB. Future-dated timestamp anti-analysis. AesCryptoServiceProvider RSACryptoServiceProvider. Efyfqp.exe scrambled renaming. Long random obfuscated strings.
