General
Target: 03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22
Size: 600KB
Sample: 201109-8mzsgaf3ba
MD5: 7f0f4bc194ecd75ce12204b3c3cce0da
SHA1: 0fda5be5b3a59332efd5ce2d902a2cbef5576b51
SHA256: 03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22
SHA512: cb1cb30ec78ab43a6eae67ea9a835d8286b92ba01ad42f393e216f7bc4e8756d99675437498723f9bca0bf2e7b81f9ff27960f1265fad0801c821596b4a27473
Static task: static1
Behavioral task: behavioral1
Sample: 03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22.exe
Resource: win10v20201028
Malware Config
Targets
Target: 03edc744b45a9472a2b000da3ca64ac9c3c52377bca1f841d7c8a0c7e54e5c22
Score: 10/10
CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object that is later decrypted.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext