General
-
Target
132ae8aa700ef41385e1928d50b1feda6f95f18a5b6ad22f275c9c6de13c7deb
-
Size
780KB
-
Sample
220521-dztl1agfa5
-
MD5
e7231b4857a5c68156f3f93ffadee1fd
-
SHA1
21e156eaef77640fa14d2bd38ff5112ded39327f
-
SHA256
132ae8aa700ef41385e1928d50b1feda6f95f18a5b6ad22f275c9c6de13c7deb
-
SHA512
32b6445e8488e5996ce57c2e8292dce4456174a5608d91d4852238abacf8300ae6060a4bf94de4d13aac42cb171ee6e963f8f71fdfe256af74aeca8cbe210cc2
Static task
static1
Behavioral task
behavioral1
Sample
nalog za kupnju.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
nalog za kupnju.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
nalog za kupnju.exe
-
Size
814KB
-
MD5
1f107e0e93b99040bc5776653b7f2652
-
SHA1
d8f3b43e4d6cf83173180e297215b7951f6aa185
-
SHA256
9d5a194bc2e43c2e391ae84647afc17ade46bae8497c86edd83107b462fd68ef
-
SHA512
d74e4c65add5eaca4d4509eeb3c0390ebfa3f6029326a25417cb87dc17062fe3e79259a354f06c3290e2898b4e9dd7d84728838c82f1ec79cadc833453e80943
Score
10/10
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
CoreCCC Packer
Detects CoreCCC packer used to load .NET malware.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-