General
Target: b2ced5a1e231d5578384832a809fd4e3b5dcbb05cc70cdec1f6bfa364f9868d8
Size: 142KB
Sample: 220521-bp17zsccb5
MD5: de1930233903a999027ef95a869b0f63
SHA1: 5a206f64e8570b32e51e6dfe1def839d77b8a7d8
SHA256: b2ced5a1e231d5578384832a809fd4e3b5dcbb05cc70cdec1f6bfa364f9868d8
SHA512: 18368fe64b6324af1364b30e8caa41bca0c4d69d2fea13e562fb762e315893239dc6ed4bf5d3e211762caceb89a3dbc21a51ddd10e4b81da8e9039c1b12e6b37
Static task: static1
Behavioral task: behavioral1
Sample: Disposable protective clothings PCKIN #6176.exe
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.6D
MIKEMIKE
185.165.153.215:6606
uqeolevmck
delay: 1
install: false
install_folder: %AppData%
Targets
Target: Disposable protective clothings PCKIN #6176.exe
Size: 316KB
MD5: 467a66feca37c23d56c08770cbfc5703
SHA1: b8850adf52c37f40bd0b58f6e959c987adac2794
SHA256: e2441bea072dce22af4853106891cb87d314461749fde2b31a0f6b3521e5daa3
SHA512: 2b893ee0d270c4aa9b181c305aec9423af27dbbbcfbe0cb38b6c0b8ac6a5c486e7795d77146000a20776b4fdd68118245e267f3bfc58e73218248cf56ae74cf1
Score: 10/10

CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object that is later decrypted.

Async RAT payload

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext