General

  • Target

    9655d9cf3452fbad6f7dad1d3b8d835fe4bf4f8f781335016006caa452ab35a6

  • Size

    795KB

  • Sample

    220521-n37cdaeeg5

  • MD5

    073e622a3416caf5cbfa6abbecd4a17d

  • SHA1

    eea10a268a23713630622b8cc5727304aa46052a

  • SHA256

    9655d9cf3452fbad6f7dad1d3b8d835fe4bf4f8f781335016006caa452ab35a6

  • SHA512

    ee7e00266a87ec24de36078ae1c5b216d1b4e277936a9cafd966d138b570121a2fbe4ac2dbc892d0e0fbb2142a975a71fe9007b0dd1547a542a6677524e2108b

Score
10/10

Malware Config

Targets

    • Target

      orden de compra.exe

    • Size

      852KB

    • MD5

      38451c8741a79d06f1c6be03b1b9aacc

    • SHA1

      aa20762dda9d99cd680845de562e83cecfb49c44

    • SHA256

      f1df9397598b0d1809e96f11970c3c08166f95704a79067012ec23d7aa0aa353

    • SHA512

      b70cd7636c2d0299fb1f81148d758df46b83f5d90746c4eaf0cc14ba7ece7802be6fa1e4dcf7b073c239fc9ad4ed5ab2878ab08c77d3682f66a7c212b02a43f6

    Score
    10/10

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1): T1053

  • Persistence

    Scheduled Task (1): T1053

  • Privilege Escalation

    Scheduled Task (1): T1053

  • Discovery

    Query Registry (1): T1012

    System Information Discovery (2): T1082

Tasks