NETDropper

.NET dropper that uses a Spanish invoice lure (Factura). Drops XZvu.exe, an embedded PE payload. AES encryption (TAes! reference). Entropy 7.90, maximum packing. Pure .NET binary (single import: mscoree.dll). System.Drawing.Bitmap image manipulation.

Threat Profile
Type: Loader
Programming Language: C#/.NET
C2 Protocol: HTTPS
First Seen: 2023
Targets: Latin America/Spain
Purpose / Capabilities
  • dropper
No C2 servers have been identified for this family yet.

Research Reports (1)

High

NETDropper Facturaelectriccorrespo -- XZvu.exe Embedded PE Payload, Entropy 7.90 Maximum Packing, TAes AES Encryption Evidence, mscoree.dll Single-Import Pure .NET Binary | High

NETDropper Facturaelectriccorrespo: ZIP 948KB, .NET PE 1MB. XZvu.exe embedded PE payload. Entropy 7.90, maximum packing. TAes AES encryption. mscoree.dll as the single import, pure .NET binary.
