General
-
Target
9655d9cf3452fbad6f7dad1d3b8d835fe4bf4f8f781335016006caa452ab35a6
-
Size
795KB
-
Sample
220521-n37cdaeeg5
-
MD5
073e622a3416caf5cbfa6abbecd4a17d
-
SHA1
eea10a268a23713630622b8cc5727304aa46052a
-
SHA256
9655d9cf3452fbad6f7dad1d3b8d835fe4bf4f8f781335016006caa452ab35a6
-
SHA512
ee7e00266a87ec24de36078ae1c5b216d1b4e277936a9cafd966d138b570121a2fbe4ac2dbc892d0e0fbb2142a975a71fe9007b0dd1547a542a6677524e2108b
Static task
static1
Behavioral task
behavioral1
Sample
orden de compra.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
orden de compra.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
orden de compra.exe
-
Size
852KB
-
MD5
38451c8741a79d06f1c6be03b1b9aacc
-
SHA1
aa20762dda9d99cd680845de562e83cecfb49c44
-
SHA256
f1df9397598b0d1809e96f11970c3c08166f95704a79067012ec23d7aa0aa353
-
SHA512
b70cd7636c2d0299fb1f81148d758df46b83f5d90746c4eaf0cc14ba7ece7802be6fa1e4dcf7b073c239fc9ad4ed5ab2878ab08c77d3682f66a7c212b02a43f6
Score
10/10
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-