General

  • Target: 9fd392cb0625064392be62c5ac1fd196236bccc2ee8be8fbc0334ac1f2edbe87
  • Size: 799KB
  • Sample: 220521-bqxwysfchn
  • MD5: 72ea78123b169071e343c6f12df452f0
  • SHA1: 7760c9c692621634379161a664c4b0106ac0612d
  • SHA256: 9fd392cb0625064392be62c5ac1fd196236bccc2ee8be8fbc0334ac1f2edbe87
  • SHA512: 0d257f3bf57d9704efda0046680259c7e48e3524e7bd7bf0c0189bdbbb3738e9f07aa135fe1aae49c86a3f0385d00a7af5fc2ff999e7ca2a7c3e372892b853f5

Score
10/10

Malware Config

Targets

    • Target: yeni sifari?.exe
    • Size: 852KB
    • MD5: 9367062ce634b7d681f9c2c9be8ca36b
    • SHA1: 432245fb29ac4467fe4a6351f389cf336ec344e1
    • SHA256: 326d9a3cd91e4bc994ff17720650d3eb08d4c502ed4847f5fe8496b7ba50a6b9
    • SHA512: f18688b1387c02b7d517836b4c421a60dfa754a710ced665437d2945b6b651fe80281634075193e2bfa3e562670db9c0024127af0bf1b7c4b61571621b03aa1f

    Score
    10/10
    • CoreEntity .NET Packer

      A .NET packer called CoreEntity, which embeds the payload as a BitMap object that is later decrypted.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082

Tasks