Static task: static1
Behavioral task: behavioral1
Sample: LULUZHEO.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: LULUZHEO.exe
Resource: win10v2004-20220414-en
General
Target: b6c6e4e30228a0d456f676303b0e9a71432bed674cb11a749f0a018fce862204
Size: 1.2MB
MD5: 66afe2da6b4a7089e822abf3086c15b1
SHA1: b93d2c51568632075371d3dc0e7cc7af5a23f4aa
SHA256: b6c6e4e30228a0d456f676303b0e9a71432bed674cb11a749f0a018fce862204
SHA512: 58b50ccce5561dbaeb8f83afccc40c19032a7fc1faa324761b8b3cecea30079b7dfa0eecf41b19b7adb31140f5100112e370f57d4af89aca92c70b59bcc5a5b1
SSDEEP: 12288:g8OOoVeLq6V4vda79yL85M60B9tk45uSJX9Xb:voe4vds9yQ5x0dk45uSr
Malware Config
Signatures
-
CoreCCC Packer 2 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource | yara_rule
sample | coreccc
static1/unpack001/LULUZHEO.EXE | coreccc
Files
-
b6c6e4e30228a0d456f676303b0e9a71432bed674cb11a749f0a018fce862204.iso
-
LULUZHEO.EXE.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 417KB - Virtual size: 416KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 31KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ