General
Target: COTIZACIN_PDF______________________________________.exe
Size: 1.7MB
Sample: 201109-3fl3r77n9e
MD5: f15739e5e71eba72fb64bf8079726140
SHA1: 4546c0efab75849299fd85e03ca7b0fb9185e15b
SHA256: a647534f6daf848fa5a54b9bf08fda0c67933b9505a86b9cb8abcc655813687e
SHA512: cb369a7636059769a6da0108591f6e64b4e16b6d731a86f96c4ca373b6e2df91feb3740d8606195c79c6e129d1819774b78013bd24c520dc3be24d730f4053eb
Static task: static1
Behavioral task: behavioral1
Sample: COTIZACIN_PDF______________________________________.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: COTIZACIN_PDF______________________________________.exe
Resource: win10v20201028
Malware Config
Targets
Target: COTIZACIN_PDF______________________________________.exe
Score: 10/10
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger log file
Detects a log file produced by MassLogger.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar data.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-