General
Target: 56b6838a0f76da2f937fdbe5b8c936296332f2ba576170ae775ebb3da26b3323
Size: 232KB
Sample: 220521-bt6y2aceb8
MD5: 7654740977574da8dbfd051ab392477a
SHA1: dd3c29a88cf5819a61bab7e175f04bf2c11590b1
SHA256: 56b6838a0f76da2f937fdbe5b8c936296332f2ba576170ae775ebb3da26b3323
SHA512: 3409039d0c6f518dd9d022c28e92440467df24ab79992fbe100d797fb87d613f4556916cb39b6a33f1496623d457c9ed8414352e5dcdbbfc567346963e8865b1
Static task: static1
Behavioral task: behavioral1
  Sample: Disposable Protective Clothings.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Disposable Protective Clothings.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: asyncrat
  0.5.6D
  ArmaniArmani
  185.165.153.215:6606
  uqeolevmck
  delay: 1
  install: false
  install_folder: %AppData%
Targets
Target: Disposable Protective Clothings.exe
Size: 376KB
MD5: a6b074c03b42a9675cdd237aa106cca2
SHA1: cc3e04c2d2ed0c0b08f4c81859f8916f4e5d8c4c
SHA256: 13bcf525a0617b8107fa61cd8fc1b47bf37c7a91291c3a68724cf3edac4aeab7
SHA512: 339dc09a2b3f476b81f19011f6b7118e586017a1c8dd09beff50cf2ac3f932372d7ed3e68063ae0681dae90d6457df163bce525873f14a8b8f755de22986811e
Score: 10/10
CoreEntity .NET Packer
  A .NET packer, tracked as CoreEntity, that embeds its payload as a Bitmap object and decrypts it at run time before the payload is executed.
Async RAT payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check: the sample decides whether to proceed based on the victim's configured region.
Suspicious use of SetThreadContext
  SetThreadContext is the API commonly used to redirect a suspended thread to injected code, as in process hollowing.
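The CoreEntity signature says the payload sits inside a Bitmap object and is decrypted later. The Python below is an added example, not code from the report, the sandbox or the sample: it constructs a 24-bpp BMP whose pixel array carries an XOR-obfuscated, length-prefixed fake PE image, then carves it back out by parsing the BITMAPFILEHEADER and BITMAPINFOHEADER, reading the bottom-up rows, dropping the 4-byte row padding and undoing the obfuscation. The single-byte XOR key 0x41 and the 4-byte length prefix are assumptions standing in for whatever scheme the real packer uses; the page does not describe it. The general shape (pixel bytes, then decrypt, then check for MZ and PE signatures) is the triage step an analyst applies to any bitmap-stashed payload.

```python
"""Carve a payload hidden in a .NET packer's Bitmap resource.

Added example: a 24-bpp BMP is built in memory whose pixel bytes carry an
XOR-obfuscated, length-prefixed fake PE image, then the image is recovered by
parsing the BMP headers and undoing the obfuscation. The XOR key and the
length prefix are assumptions; the real CoreEntity scheme is not described.
"""
import struct

XOR_KEY = 0x41             # hypothetical single-byte key, stands in for the real scheme
BMP_HEADERS_LEN = 14 + 40  # BITMAPFILEHEADER + BITMAPINFOHEADER


def fake_pe() -> bytes:
    """Constructed stand-in for a packed PE: 'MZ', e_lfanew -> 'PE\\0\\0', noisy tail."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew points right after the DOS header
    tail = b"\x41\x00" * 9 + b"\x00\x00\x00"      # key collisions and trailing zeros on purpose
    return bytes(dos) + b"PE\x00\x00" + tail


def build_bmp(payload: bytes, width: int = 7) -> bytes:
    """Constructed input: hide `payload` in the pixel array of a 24-bpp BMP.

    Layout assumed for the demo: 4-byte little-endian length prefix, then the
    payload, all XORed with XOR_KEY, three bytes per pixel, rows padded to a
    4-byte stride and stored bottom-up as the BMP format requires.
    """
    body = struct.pack("<I", len(payload)) + payload
    obf = bytes(b ^ XOR_KEY for b in body)
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3
    height = -(-len(obf) // row_bytes)             # ceil division
    rows = [obf[i:i + row_bytes].ljust(row_bytes, b"\x00")
            for i in range(0, height * row_bytes, row_bytes)]
    pixels = b"".join(r.ljust(stride, b"\x00") for r in reversed(rows))
    file_hdr = struct.pack("<2sIHHI", b"BM", BMP_HEADERS_LEN + len(pixels), 0, 0, BMP_HEADERS_LEN)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def carve_pixels(bmp: bytes) -> bytes:
    """Return the pixel bytes of an uncompressed 24-bpp BMP, top-down, padding stripped."""
    magic, _size, _r1, _r2, off = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    hdr_size, width, height, _planes, bpp, compression = struct.unpack_from("<IiiHHI", bmp, 14)
    if hdr_size < 40 or bpp != 24 or compression != 0:
        raise ValueError("only uncompressed 24-bpp bitmaps are handled here")
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3
    top_down = height < 0                           # negative height means rows are stored top-down
    rows = [bmp[off + r * stride: off + r * stride + row_bytes] for r in range(abs(height))]
    if not top_down:
        rows.reverse()
    return b"".join(rows)


def decrypt_payload(bmp: bytes, key: int = XOR_KEY) -> bytes:
    """Undo the assumed obfuscation and cut the payload at its length prefix."""
    plain = bytes(b ^ key for b in carve_pixels(bmp))
    (n,) = struct.unpack_from("<I", plain, 0)
    if 4 + n > len(plain):
        raise ValueError("length prefix exceeds pixel data")
    return plain[4:4 + n]


def looks_like_pe(blob: bytes) -> bool:
    """Cheap sanity check before handing a carved blob to a disassembler."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


if __name__ == "__main__":
    bmp = build_bmp(fake_pe())
    carved = decrypt_payload(bmp)
    print(f"bmp={len(bmp)} bytes, carved={len(carved)} bytes, pe={looks_like_pe(carved)}")
```

Against a real sample, replace `build_bmp` with the Bitmap pulled from the assembly's managed resources and replace the XOR step with the routine found next to the `Bitmap` load in the packer's stub; the carving and the MZ/PE check stay the same.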
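For the "Checks computer location settings" signature the report says the sample reads the configured country code from the registry but does not name the key. The following added example (not from the report, the sandbox or the sample) runs a small detection over constructed Process Monitor style CSV lines and flags processes that query the registry values Windows uses for the user's region and the system language. The value paths listed are the standard Windows locations and are assumptions about what such a check would read, not paths observed in this sample; the process names, PIDs, timestamps and data in the trace are constructed. Sysmon does not log registry reads, so the data source has to be a Procmon or sandbox API trace.

```python
"""Spot registry-based region lookups in an API trace.

Added example for the "Checks computer location settings" signature: runs a
small detection over constructed Process Monitor style CSV lines and flags
processes that read the registry values Windows uses for the user's region
and the system language. The key paths are the standard Windows locations,
assumed here as what a geofence check would read; nothing below was taken
from the sample.
"""
import csv
import io
from collections import defaultdict

# Standard Windows locations for region / language (assumed targets of a geofence check).
GEO_VALUE_PATHS = (
    r"HKCU\Control Panel\International\Geo\Nation",  # GEOID of the user's region, e.g. 244
    r"HKCU\Control Panel\International\Geo\Name",    # two-letter ISO region, newer Windows 10 builds
    r"HKCU\Control Panel\International\LocaleName",  # e.g. en-US
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\Default",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage",
)
_VALUES = {p.lower() for p in GEO_VALUE_PATHS}
_KEYS = {p.rsplit("\\", 1)[0].lower() for p in GEO_VALUE_PATHS}  # parent keys being opened

# Constructed trace in Procmon CSV layout; process names, PIDs, times and data are invented.
SAMPLE_TRACE = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","explorer.exe","1204","RegQueryValue","HKCU\\Control Panel\\International\\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: en-US"
"10:01:05.4","Disposable Protective Clothings.exe","3188","RegOpenKey","HKCU\\Control Panel\\International\\Geo","SUCCESS","Desired Access: Read"
"10:01:05.4","Disposable Protective Clothings.exe","3188","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:01:05.5","Disposable Protective Clothings.exe","3188","RegQueryValue","HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\\InstallLanguage","SUCCESS","Type: REG_SZ, Length: 10, Data: 0409"
"10:01:06.0","Disposable Protective Clothings.exe","3188","CreateFile","C:\\Users\\user\\AppData\\Roaming\\x.exe","NAME NOT FOUND",""
"10:01:07.2","svchost.exe","880","RegQueryValue","HKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\\Default","SUCCESS","Type: REG_SZ, Length: 10, Data: 0409"
"""


def is_geo_lookup(operation: str, path: str) -> bool:
    """Value reads must hit the exact value path; key opens must hit the key holding it."""
    p = path.lower()
    if operation == "RegQueryValue":
        return p in _VALUES
    if operation == "RegOpenKey":
        return p in _KEYS
    return False


def find_geo_lookups(trace_csv: str) -> dict:
    """Map (process name, pid) -> ordered, de-duplicated region/language paths it touched."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(trace_csv)):
        if is_geo_lookup(row["Operation"], row["Path"]):
            key = (row["Process Name"], row["PID"])
            if row["Path"] not in hits[key]:
                hits[key].append(row["Path"])
    return dict(hits)


def suspicious_geofencers(trace_csv: str, min_values: int = 2) -> list:
    """Processes that read at least `min_values` distinct region/language values.

    One LocaleName read is routine for shells and installers; reading the GEOID
    and the install language back to back is the footprint a geofence leaves.
    The threshold is a tuning knob, not a hard rule.
    """
    out = []
    for proc, paths in find_geo_lookups(trace_csv).items():
        values_read = {p.lower() for p in paths} & _VALUES
        if len(values_read) >= min_values:
            out.append(proc)
    return out


if __name__ == "__main__":
    for proc, paths in find_geo_lookups(SAMPLE_TRACE).items():
        print(proc, "->", paths)
    print("suspicious:", suspicious_geofencers(SAMPLE_TRACE))
```

Feed the same functions a real Procmon export (File > Save as CSV) and the only lines that matter are the `RegQueryValue` rows; the GEOID read back (`244` in the constructed trace) is what the sample compares against its allow- or deny-list.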