General
-
Target
9fd392cb0625064392be62c5ac1fd196236bccc2ee8be8fbc0334ac1f2edbe87
-
Size
799KB
-
Sample
220521-bqxwysfchn
-
MD5
72ea78123b169071e343c6f12df452f0
-
SHA1
7760c9c692621634379161a664c4b0106ac0612d
-
SHA256
9fd392cb0625064392be62c5ac1fd196236bccc2ee8be8fbc0334ac1f2edbe87
-
SHA512
0d257f3bf57d9704efda0046680259c7e48e3524e7bd7bf0c0189bdbbb3738e9f07aa135fe1aae49c86a3f0385d00a7af5fc2ff999e7ca2a7c3e372892b853f5
Static task
static1
Behavioral task
behavioral1
Sample
yeni sifari?.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
yeni sifari?.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
yeni sifari?.exe
-
Size
852KB
-
MD5
9367062ce634b7d681f9c2c9be8ca36b
-
SHA1
432245fb29ac4467fe4a6351f389cf336ec344e1
-
SHA256
326d9a3cd91e4bc994ff17720650d3eb08d4c502ed4847f5fe8496b7ba50a6b9
-
SHA512
f18688b1387c02b7d517836b4c421a60dfa754a710ced665437d2945b6b651fe80281634075193e2bfa3e562670db9c0024127af0bf1b7c4b61571621b03aa1f
Score 10/10
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-