General

Target: 5cdbdd323154f2b9d326ba16c9ca37d6d3178ef625b72e7180e9789da5e67063
Size: 301KB
Sample: 220521-pk9v8afed6
MD5: 8b88eddfa0914fe67dea3f5712fd4f51
SHA1: aeecc24b6872b4b9f3cc464c9b4be3bdc99eeb8a
SHA256: 5cdbdd323154f2b9d326ba16c9ca37d6d3178ef625b72e7180e9789da5e67063
SHA512: f9e71dbbd09207a55b395dd013c9fccc40c12ed214615066d5380682add11893153ba342d029172be003c6fedb9347177b9a8386341519fb688c1b680a724de4
Static task: static1
Behavioral task: behavioral1
Sample: disposable protective mask.exe
Resource: win7-20220414-en
Malware Config

Extracted: asyncrat
0.5.6D
HARDHARD
185.165.153.215:6606
uqeolevmck
delay: 1
install: false
install_folder: %AppData%
Targets

Target: disposable protective mask.exe
Size: 538KB
MD5: 349decc4593ee1efe629681f446c6d86
SHA1: c751c97becccf1c4e9f9af7009d97f7e71c13de9
SHA256: 6c961875370f68c10a135e3d0c14ec8164bb92556a8e3482cd80b52f96e4bc52
SHA512: 3c4df88c27c04cbd69070ea122672db265c8307a2a502b35a2887199e2013fa2fa7156b2a323dbceb771732f5415727fe7260f5100db85b2a32dd433cdd8505a
Score: 10/10

CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
Async RAT payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext