General
Target: f1a015c0d8f30aecac2e32e83bc6ad3e1236d3ba709255cb023a740e3fc45483
Size: 93KB
Sample: 220524-z9pxfsgfa7
MD5: 00161aff7e341a7049d1011270c43211
SHA1: f8d4d89c7245fb6f47bf3dfc14197a97b15f3bcf
SHA256: f1a015c0d8f30aecac2e32e83bc6ad3e1236d3ba709255cb023a740e3fc45483
SHA512: 18631006d93732182253dfadfba1328172a424b00978072b8345f8351a1cff3f9752ad6db40178f459b937ce524265fba3a6c2a836dbdc3aa206d9a87b43cb0d
Static task: static1
Behavioral task: behavioral1
Sample: f1a015c0d8f30aecac2e32e83bc6ad3e1236d3ba709255cb023a740e3fc45483.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: f1a015c0d8f30aecac2e32e83bc6ad3e1236d3ba709255cb023a740e3fc45483
Score: 10/10
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, block at first seen, etc.

CoreEntity .NET Packer
A .NET packer called CoreEntity, which embeds the payload as a Bitmap object that is later decrypted.

CoreCCC Packer
Detects the CoreCCC packer, which is used to load .NET malware.

Executes dropped EXE

Suspicious use of SetThreadContext