General
Target: f32fc896121944f9c4708aec496bddd7a1e774c82e9807371f020a865971d8b7
Size: 258KB
Sample: 220521-cacrhsdeb9
MD5: 7d156495096949bdc72cb97fb0479d27
SHA1: fd2a1ad9f9b65cb97433ac6c3c80bcf6f68e0ed8
SHA256: f32fc896121944f9c4708aec496bddd7a1e774c82e9807371f020a865971d8b7
SHA512: 86a5ddae9fd3ec4c25b7f705ffb593a21880e0626796744eb2346b1f5aa69ac2605b6e310c41190c7affcf2ffc610a4163efe0b2f67f443b6afe608b04146349
Static task
static1

Behavioral task
behavioral1
Sample: DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: asyncrat
Version: 0.5.6D
UNITYBANKFORALLMAN
C2: makesureeasteats.duckdns.org:6606
uqeolevmck
delay: 1
install: false
install_folder: %AppData%
Targets
Target: DHL-RELC-REFERN-DHL-COVERALS5RrLEIlzVa4iXP.exe
Size: 374KB
MD5: e3d8daec720c0cf54420951020cffdf8
SHA1: 5982d17e7a1cb3105830e51b9fe05596739c51fa
SHA256: 6a1ebc534faa5e6c5535181838e95c95a5271f519b2fdc8cca011d7477a2584b
SHA512: 17483468279dfb3cddc08442cab7bd65c95fc63b47f2ed72bec28877b538f8332173cfcba18a41a62c20a80f9f84b36ab027f4cc17982894a237b79343b73c29
Score: 10/10

- CoreEntity .NET Packer
  A .NET packer, CoreEntity, that embeds the payload as a BitMap object which is decrypted at runtime.
- Async RAT payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Suspicious use of SetThreadContext