Since this is a .NET application, it can be reverted to near-source code using or ILSpy .
Software\Microsoft\Windows\CurrentVersion\Run\WinFormsApp WinFormsApp23.11.zip
Common behavior includes scanning for Login Data in browser profiles (Chrome/Edge) or targeting Discord tokens. Summary of Findings Observation Persistence Scheduled Task or Registry Key Language Network C2 communication on non-standard ports Objective Likely an Infostealer or Downloader Indicators of Compromise (IoCs) Filename: WinFormsApp23.11.exe Dropped Files: %TEMP%\tmpXXXX.tmp Since this is a
Running the sample in a sandbox (e.g., ANY.RUN or Flare-VM) reveals the following actions: This write-up covers the analysis of , a
High (suggesting possible packing or encrypted payloads).
This write-up covers the analysis of , a suspicious archive containing a .NET-based executable . The analysis focuses on its behavior, underlying code, and indicators of compromise (IoCs). File Overview Archive Name: WinFormsApp23.11.zip Contained File: WinFormsApp23.11.exe Platform: Windows (.NET Framework / .NET Core) Type: Windows Forms Application 1. Initial Static Analysis
Since this is a .NET application, it can be reverted to near-source code using or ILSpy .
Software\Microsoft\Windows\CurrentVersion\Run\WinFormsApp
Common behavior includes scanning for Login Data in browser profiles (Chrome/Edge) or targeting Discord tokens. Summary of Findings Observation Persistence Scheduled Task or Registry Key Language Network C2 communication on non-standard ports Objective Likely an Infostealer or Downloader Indicators of Compromise (IoCs) Filename: WinFormsApp23.11.exe Dropped Files: %TEMP%\tmpXXXX.tmp
Running the sample in a sandbox (e.g., ANY.RUN or Flare-VM) reveals the following actions:
High (suggesting possible packing or encrypted payloads).
This write-up covers the analysis of , a suspicious archive containing a .NET-based executable . The analysis focuses on its behavior, underlying code, and indicators of compromise (IoCs). File Overview Archive Name: WinFormsApp23.11.zip Contained File: WinFormsApp23.11.exe Platform: Windows (.NET Framework / .NET Core) Type: Windows Forms Application 1. Initial Static Analysis