General
- Target: fdf5e4a689691a96bf93bc3b34b6368b1902a5413980def6a864a57f0325ef4f
- Size: 160KB
- Sample: 220524-tfrlascecr
- MD5: 788fe4e8bdcff1069a879664b02410ec
- SHA1: 3931f99406bf4f8e5320bfd8c3b89a5fdc7b0d55
- SHA256: fdf5e4a689691a96bf93bc3b34b6368b1902a5413980def6a864a57f0325ef4f
- SHA512: b63d2495f737e0b6f58e0b25b5ca03280c6db4abbc9ca06a78192930cdea6586a3864daad819320c932915b81b55d1f0136726097e11c5b831cbf1944b354384
Static task: static1
Behavioral task: behavioral1
- Sample: fdf5e4a689691a96bf93bc3b34b6368b1902a5413980def6a864a57f0325ef4f.exe
- Resource: win7-20220414-en
Malware Config
Targets
- Target: fdf5e4a689691a96bf93bc3b34b6368b1902a5413980def6a864a57f0325ef4f (160KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
- Contains code to disable Windows Defender: a .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- Executes dropped EXE
- Suspicious use of SetThreadContext