Static task: static1

Behavioral task: behavioral1
Sample: Purchase order Barminco EMRA 0093.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Purchase order Barminco EMRA 0093.exe
Resource: win10v2004-20220414-en

General
Target: 988b266f501428b61fc10a827e602b3df790cc16882f156403270ac4fdf50a0a
Size: 519KB
MD5: 98798ea9d501a71a852c27ad1bd7e2d4
SHA1: 85b8e8fe843ce2cec1ba12f491e8a263df6a4183
SHA256: 988b266f501428b61fc10a827e602b3df790cc16882f156403270ac4fdf50a0a
SHA512: f5e3941e9cc58a08c8fb4b784f3c60a7ff08ea599e1a779a3acf262df9e34c94b3879e5b20db09b3ceae3d11df3c8b5dba452a7167ba86ffab473fa1fef4dc91
SSDEEP: 12288:V4IEZgZ54ZAbAPBsCT8F4DfA8MlYc/FVjOxKMU86:KeYZAg2fCDfd2Yc/kU86

Malware Config
Signatures
CoreCCC Packer 1 IoCs
Detects CoreCCC packer used to load .NET malware.
Processes:
resource yara_rule static1/unpack001/Purchase order Barminco EMRA 0093.exe coreccc
Files
988b266f501428b61fc10a827e602b3df790cc16882f156403270ac4fdf50a0a.rar
Purchase order Barminco EMRA 0093.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
  .text Size: 536KB - Virtual size: 536KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc Size: 68KB - Virtual size: 67KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc Size: 512B - Virtual size: 12B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ