General
Target: 111a8502e03046675c3b498685dc3f3434770f71361710218d50f525285298c7
Size: 1.3MB
Sample: 220521-d1lmsabfdn
MD5: e90d65bc6ff3fecaf4fb0f13526f02d6
SHA1: 9d74b43dab9f0ef299a7a1c3d3739a06ddbf9fc3
SHA256: 111a8502e03046675c3b498685dc3f3434770f71361710218d50f525285298c7
SHA512: d4a72d8059f2aa5b016361c1834c67b157b821a07913e8f72530c87f1af4f6beea9bc909b472ecc136c1f0f387168abea50af25b627f564c7f96c7121d020562
Static task: static1
Behavioral task: behavioral1
  Sample: KAZGLDK7.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: KAZGLDK7.exe
  Resource: win10v2004-20220414-en
Malware Config
Targets
Target: KAZGLDK7.EXE
Size: 796KB
MD5: 8776bc582b394da008bf1838d5a12239
SHA1: 527a52018952885beb39b5c5e1e35dff17b086d3
SHA256: d80a482a5bff3bb4d0e6263d75c7eebf295d9027a1319a1c60100e2ec6ed2433
SHA512: 6bf4f3815124545e4b7ab65b146a0f0351d3a2cd7fb63448249f346f392da5d15b48ce8fbee1920d532707171d17a73af3029b03439dbc28295713212ad8d96e
Score: 10/10
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext