General
-
Target
e9c4c8ba7977a65b5aacfda5926b44af00126f6444170a7a955f203c7ec7a4b7
-
Size
347KB
-
Sample
220521-bmg2bsfbcj
-
MD5
5d1a2a31266cecca65af470a3a501a3b
-
SHA1
0ae7fd5e66fcd899bb1507064e75ad276ddfabaf
-
SHA256
e9c4c8ba7977a65b5aacfda5926b44af00126f6444170a7a955f203c7ec7a4b7
-
SHA512
1125dec2ec08284bdc8766deaa573271619cc1a1933ca9990d11c3d41701221c1c757277bc707cc07f5729cd1dc25cd73d166182e8d5a60353b976a332deedd1
Malware Config
Targets
-
-
Target
APPROVE ORDER .exe
-
Size
400KB
-
MD5
96b3b7fcba7348f92c8b0a888f0bc619
-
SHA1
508fd0984218206747e49d544c829e0b29790f9f
-
SHA256
ee6195ec1370d529ba036d6ce5f7ca391822519455a57817e1576ac8a45b8b8d
-
SHA512
6eb3362a08a121e1203bbacd215d8320c772ed55cb97a78fa2e133b0fc58cc067738f820e16a83bc7ee33db9e5df71dd5f8577faf07a9842acffa3e90db67503
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
M00nd3v_Logger
M00nd3v Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
M00nD3v Logger Payload
Detects M00nD3v Logger payload in memory.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-