General
Target: e4a9653f671e29f36f575a2861deea2353b68953a2eda4697a49053abbd4ee98
Size: 1.3MB
Sample: 220521-cdwzkaggbq
MD5: 199a758dc4cfa9ff5bedf8eb9559ae65
SHA1: 3a35762496198d1e7d3329efec28eb45870ded33
SHA256: e4a9653f671e29f36f575a2861deea2353b68953a2eda4697a49053abbd4ee98
SHA512: 21354ff9ae34b97b542f83170bdda0c37267292166162636880fd9b316c1fc2bf45ccbd20f9cceadd32a0fe1695fc2c5ebabc998581bcba3fe4c9f44576bbf74
Static task: static1
Behavioral task: behavioral1
  Sample: AD6OSOTU.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: AD6OSOTU.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: AD6OSOTU.EXE
Size: 812KB
MD5: d3d8e697f01dfa55054727f4653c8673
SHA1: 8bde1f7210b448b23e622ae9f7d2b324dc5bdf1e
SHA256: 505fb0a37da3e27d2f40ba8ec69ed380b743f952deea93bab1e7a6167d36e586
SHA512: f90433f67bb1f53eaca717c4c94fce3710220019c2ecba35f70b93abe68888a40e525909f09e842876dfb66e89e0542f39d15b1918443f1137be576cd1d167fa
Score: 10/10
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext