General
Target: dd184f737fb95e1b427d4c08f52228956611e6196ecdb213e92be324a5ac34ce
Size: 183KB
Sample: 220521-cfp9ssdgg3
MD5: 43811b5bc076765c6e7770c5516116b1
SHA1: f740e62b21c7a062e77c170e9091f49d5ed9c93a
SHA256: dd184f737fb95e1b427d4c08f52228956611e6196ecdb213e92be324a5ac34ce
SHA512: 6e6da17d9c56b43df22d530607e4a35e1f6520d104753ab09d93f516d30590f493d1587ae5f0b92f3bb459b2bc19bfb1006271436b61377ceba897588a488d05
Static task: static1
Behavioral task: behavioral1
Sample: SAFETY-PPE-MASK-EQUIPMENT-JOGGRIx8Qfs0orFnQO7Z.exe
Resource: win7-20220414-en
Malware Config
Extracted
asyncrat
0.5.6D
sunday
185.165.153.215:6606
uqeolevmck
delay: 1
install: false
install_folder: %AppData%
Targets
Target: SAFETY-PPE-MASK-EQUIPMENT-JOGGRIx8Qfs0orFnQO7Z.exe
Size: 353KB
MD5: db9de1e61bf8f5138d797d4bf360faaf
SHA1: 794e45022a9c8e0b5292a86f5e7d3a721d40bf51
SHA256: 243f707f1d8eabf197f836f4e87426bf3f2619ab74a089e15ed8182e74752dcd
SHA512: c5ec160d17668c9feef2a519a4d1e43270831b24b95b532d43c10e0d411d142135d1417b596b6ec1d095f4e334b9d70aa47e87e2ef3ca5b34fa1c88d80e19dd6
Score: 10/10
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is decrypted later at runtime.
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence.
Suspicious use of SetThreadContext