970064829477d473fdb0c663c8282fb373fee12b4c34fc4d2dda7cf11c9148fc | Triage

Submit
Reports

Overview

overview

Static

static

paint.net....64.exe

windows7-x64

8

paint.net....64.exe

windows10-2004-x64

Sharing

General

Target

paint.net.4.3.12.install.x64.exe.7z
Size

61.0MB
Sample

220908-ysgdbachcn
MD5

956bdf9c0afb60e53598c90faf5545dd
SHA1

8b6b15862c7747403f6fe5cfe9cd1f0683a06a03
SHA256

970064829477d473fdb0c663c8282fb373fee12b4c34fc4d2dda7cf11c9148fc
SHA512

b64ce46f1f002749523f8901231d7d11b34499baf03d148a730e0fcb60ad62c13446daf5082506ebb6761e0ba10d4d21ed54b8fa813690e10e3a43e8683a570f
SSDEEP

1572864:l0yBpABCQvjMcj1jmcwi3fWdQd//6QS5kDsNT:10BCi7/fWdQd//6JN

Score

10^/10

coreentity discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

paint.net.4.3.12.install.x64.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

paint.net.4.3.12.install.x64.exe

Resource

win10v2004-20220812-en

coreentity discovery evasion persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  paint.net.4.3.12.install.x64.exe
- Size
  
  61.4MB
- MD5
  
  c355a5829ac1552e152310346918af9f
- SHA1
  
  751e2f9b513dc5489912a4d9ab9e64a7d78eeff4
- SHA256
  
  fc8d19614f448f5f345219f87f947813e14608b61cdd2812b36a4d1bfc4b2fc0
- SHA512
  
  72190d20b98f854c1b2135d045aad4949c19f0211f6bbfd8f824c6369f9841a5d0c13a48606fe63ce4cf6591780fb59db558c3b46b31118398e380da006980eb
- SSDEEP
  
  1572864:E1tiSf6SCXKvQK5G4ULJgJsFN82imwmf93lz/iExUI+OM:0t3Qy4MQi6RlcK
Score

10^/10

coreentity discovery evasion persistence trojan
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Blocklisted process makes network request
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

coreentitydiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy