General
Target: SAFETYMATERIAL-COVERALL-MASKPPENh3nfndGkgptXUf.exe
Size: 401KB
Sample: 201109-f2ewn4xnsn
MD5: 8b0fb5064ee0361249dc6ff3aa94c584
SHA1: 869a8a7ddbdef0840bbc44f5c6cc0cc043059731
SHA256: ac016f9b1592fb93fe1117f2a2e20b383944828d649f1ba33ecf831a78537b78
SHA512: f6070df027d4977216833afcdb429e70e699deb2f230fb3b797b1e486e893cd5915a2d88a4e1d06bb87342d9e246fc2b17a7a6d373267bd08868f0f2e7cc7d63
Static task: static1
Behavioral task: behavioral1
  Sample: SAFETYMATERIAL-COVERALL-MASKPPENh3nfndGkgptXUf.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SAFETYMATERIAL-COVERALL-MASKPPENh3nfndGkgptXUf.exe
  Resource: win10v20201028
Malware Config
Extracted
asyncrat
0.5.6D
185.165.153.215:6606
uqeolevmck
aes_key: 5eoiILw5GAY7OkbkZoi8uQvz2qpV60Nt
anti_detection: false
autorun: false
bdos: false
delay: sunday
host: 185.165.153.215
hwid: 1
install_file:
install_folder: %AppData%
mutex: uqeolevmck
pastebin_config: null
port: 6606
version: 0.5.6D
Targets
Target: SAFETYMATERIAL-COVERALL-MASKPPENh3nfndGkgptXUf.exe
Score: 10/10
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- Async RAT payload
- Suspicious use of SetThreadContext