Static task
static1
Behavioral task
behavioral1
Sample
URGENT ORDER (1128839)].exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
URGENT ORDER (1128839)].exe
Resource
win10v2004-20220414-en
General
-
Target
8651e049cc61cc15e6453ef5c63a6350c3e3018281898641cbb3125be2831843
-
Size
244KB
-
MD5
59f4cc83642a2d1d8403ddb20b8d9010
-
SHA1
ddde8692751234108557140c2b9af108be4b82ac
-
SHA256
8651e049cc61cc15e6453ef5c63a6350c3e3018281898641cbb3125be2831843
-
SHA512
5ae66e8308a0a501cedc1b2a406072fd9997a06b3fd773e8e82db696595f7d7c6ee5fffde0cc83253b6bdea3dddf82f8e0a06864598aad5b72124becf4da75a3
-
SSDEEP
6144:SVVdzBrzNfsH42sFh3tiB2ansQ0TRwxSm6AwmHaCs5t93+auze:+VVBrMifiY1axSEwFCsZCze
Malware Config
Signatures
-
CoreEntity .NET Packer 1 IoCs
CoreEntity is a .NET packer that embeds its payload as a Bitmap object, which is later decrypted.
Processes:
resource yara_rule static1/unpack001/URGENT ORDER (1128839)].exe coreentity
Files
-
8651e049cc61cc15e6453ef5c63a6350c3e3018281898641cbb3125be2831843.rar
-
URGENT ORDER (1128839)].exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 231KB - Virtual size: 231KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 363KB - Virtual size: 363KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ