General
-
Target
shipment document pdf.exe
-
Size
825KB
-
Sample
201109-5dws2ezy3a
-
MD5
58d90785308067dbb5b317014a3d3b41
-
SHA1
11ce185684c80f65946c9f36029725fa48b56058
-
SHA256
96fddf8ed5ba87a03b03c5e0387ab1f3ef44df00ce11d0761a108d6407472c86
-
SHA512
cf1662deb92f5e6cbd87ba395931eab5c9d12ba2bda0a6ce3564dec5c63307a22bfbdbf689b8b8562d05381e7f9bfa865141bc98a87f99885d3731ab33ff87bd
Static task
static1
Behavioral task
behavioral1
Sample
shipment document pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
shipment document pdf.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
shipment document pdf.exe
Score 10/10
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
MassLogger
MassLogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
-
MassLogger Main Payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-