General
Target
ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c
Size
97KB
Sample
220521-ccjylsdfb9
MD5
42bac53401a84c84d83e7e840be21071
SHA1
961b2af6a32370e5e7d6bb2c62a7cdb772390c8b
SHA256
ea41301e4a2d98c24382db9b027f550c800650725d2fbb3dee52cc4b3c2adf0c
SHA512
462dd7d5342d83a7526e5115b3d638ab0df50d28bf10052ef4d1fc21a62b2d946759ca14bffd5085af78daa4559ef11df3d6a2ef896e26d268758f9d30da74ec
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20200410_080918_330462.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20200410_080918_330462.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
Halkbank_Ekstre_20200410_080918_330462.exe
Size
210KB
MD5
60624eac1bb29e821f4355ccb7e7340c
SHA1
6f67adec0cb13f1622e9b608cb8cb84220d8ee13
SHA256
acacc7f3cc09e7a711e1f7f4f9fc6633b4c48b21f17e793ec9a91c26173c1232
SHA512
a426db69c5d178af4a8a7d99109e7f0112192f43dd769b84366162178a7ba449ba41c93c82cf48db4923cd4198a4a821788696b9818c731f342e138ae3023015
Score
10/10
CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object that is later decrypted.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.