General
Target: 4cd3516445804b6db6def641799df96a0ceb4d74db20ea631a833944816f93f6
Size: 233KB
Sample: 220521-b16a3sfhdr
MD5: e0d2700717c9cedf057afc5a81301809
SHA1: cf5e16bba33cabaf311fdf6d4ba633f987857784
SHA256: 4cd3516445804b6db6def641799df96a0ceb4d74db20ea631a833944816f93f6
SHA512: 77507489bd6ab423c55e5293dfd5f92481b3d68212df52d37da3cceba687063071b34b2848870d7a3e3b7bcee891728f4632395463bfb1dc013d980638feccd8
Static task: static1
Behavioral task: behavioral1
Sample: disposable-ppe-plus7269210-coverall-FACE-MASK.exe
Resource: win7-20220414-en
Malware Config
Extracted
Family: asyncrat
Version: 0.5.6D
Botnet: MEKUSKIC
C2: 185.165.153.215:6606
Mutex: uqeolevmck
delay: 1
install: false
install_folder: %AppData%
Targets
Target: disposable-ppe-plus7269210-coverall-FACE-MASK.exe
Size: 378KB
MD5: 1e481676baa52debdfe61bbee086973f
SHA1: 94d010cb79798bccd7506634a3ff66b2724e29d4
SHA256: 41b228a6fc3e91dfbc8f98db716e3ca175a97e57fecd22e4ba13fb7ba9070750
SHA512: 6455afc5224312be0f0e2e1393c70ab78c9c88a779e0397b4807faf0b92d5372f311913e7c52020c3c694714ad397d57200b1e6e5fcf0e0b9e43b72356d8c443
Score: 10/10
Signatures:
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Suspicious use of SetThreadContext