ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1 | Triage

Submit
Reports

Overview

overview

Static

static

9

New Offer.exe

windows7_x64

New Offer.exe

windows10-2004_x64

9

Sharing

General

Target

ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1
Size

785KB
Sample

220521-bprcsafccl
MD5

b48c180451a952d25f314c446b9e1f6a
SHA1

7cc47f4543549148dcbb698af42ced0730e3e811
SHA256

ba9056d8017e211407a8915ae3d0132a18c7af6a380c7dd53f6521c5f8bb5af1
SHA512

4bedd4c3fd4e164c1b372f4ec3a053a9e420cd9a51e597fea0164d9d8eea5a25cc290ce2aaf34bd19dca49afb8b2fe09aff80171cff2c1ecbb9fea464d4652a2

Score

10^/10

coreentity rezer0

Static task

static1

Behavioral task

behavioral1

Sample

New Offer.exe

Resource

win7-20220414-en

coreentity rezer0

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

New Offer.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  New Offer.exe
- Size
  
  827KB
- MD5
  
  c5eda9db6db46c98570bc8bcaed6f3a6
- SHA1
  
  8bbefc64626568c0a73b095d874f1b00633f7eb1
- SHA256
  
  6d501548a8060835c3a3d65281d905a189d6ebb7f2c79e0ae76d59872c1cc0b3
- SHA512
  
  060001790d3e9991ad4a47ae18386048d98fb47350958e03e66e85ded94208145e0e68477d2cfe91ef63879faf71d1cad70465531fb5635f7e97503caaf4cf85
Score

10^/10

coreentity rezer0
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- CoreCCC Packer
  Detects CoreCCC packer used to load .NET malware.
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

coreentityrezer0

behavioral2

© 2018-2024

Terms | Privacy