General
Target
1d63fd158bf9c1fa57c0bdb68817252b6c55e7a1f506d74680be6fc76e49f310
Size
1.2MB
Sample
220521-pnsfcaahcl
MD5
8ca7bea27b592c26200944135f024f53
SHA1
f3199cc6edb7f71ea1a1c6c1041dedc675c5eea8
SHA256
1d63fd158bf9c1fa57c0bdb68817252b6c55e7a1f506d74680be6fc76e49f310
SHA512
aec8b64ecd93c159238f9d9f1420c0de91c14ee45b7707e64b78c92c784196c0230bdd240a7e0339c8b81d0a56a33db8b1aa83567c99c67649d1ef1341048fd2
Static task
static1
Behavioral task
behavioral1
Sample
IGUW6LGP.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
IGUW6LGP.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
IGUW6LGP.EXE
Size
729KB
MD5
a978829d640914b88ee160147ba56292
SHA1
f2a019846d5c649238f4c880349186636aaead8f
SHA256
5561987526eb45b89f9ed1220d2544ce4d5bc4b46cb47839e44444a05aab70f8
SHA512
3d245e2978c7df8896a6a9ebbaeedc707a0cb708d54bb5cf1672423c300984e96dade5e962e170bd38ed8a3891a4aee7d54a4f5296daa5193e7ee9c1928af547
Score
10/10
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Suspicious use of SetThreadContext