Static task: static1
Behavioral task: behavioral1
Sample: Payment Slip.exe
Resource: win7-20220414-en
General
Target: be212619b97ee6954f65301efb5027961cebf3ac7ce8edd71dda5872442cea0c
Size: 261KB
MD5: 8947567c8965dd5dbfbc5ad855a4870f
SHA1: 056840758e7600d73a2e638990f42ee9c2526dca
SHA256: be212619b97ee6954f65301efb5027961cebf3ac7ce8edd71dda5872442cea0c
SHA512: ee4ca1131d0885b8cb471e11ceb0f3f09558362053a07dd59cdbf7c744c8c5eaad244ebd4c54cb0dd9df86c862d1ec9b9ba8ddee22e647074bc3a9e409f4a16a
SSDEEP: 6144:tPhuKLxIpaSNRREoOR82Qn/OFD6XZvM6cXGZLNQ6xUB61L8mIlCbhMBZhwOJDIQe:JhuKJKDEoOurW96XK7WLp261RIAb6BZS
Malware Config
Signatures
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource: static1/unpack001/Payment Slip.exe - yara_rule: coreccc
Files
be212619b97ee6954f65301efb5027961cebf3ac7ce8edd71dda5872442cea0c.rar
Payment Slip.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 303KB - Virtual size: 302KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ