General
-
Target
Monolith Notes Setup.exe
-
Size
71.7MB
-
Sample
221020-v8n7bafgg5
-
MD5
929ed5a3690fe8b2ababdc8eeb0375ca
-
SHA1
2471f1ed659805a50a8671d90b6e3e1d920f8fa1
-
SHA256
e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1
-
SHA512
928c59123b32dfac2086e24d69ae54c5f0dfe990daa8d000f5a4d2c246680527cd4dbeb9ff0c31aabcc7689506e091e2655700a6696e48c16f38d9e2e2c5f228
-
SSDEEP
1572864:12tUZfmQpwDPqZWcyE/LEhq9FP6Zq9cjJyRXfXCZpcCeW3GCwb50lDpw:12ilDCPYDyWdyCMiGm7WFSaVpw
Malware Config
Targets
-
-
Target
Monolith Notes Setup.exe
-
Size
71.7MB
-
MD5
929ed5a3690fe8b2ababdc8eeb0375ca
-
SHA1
2471f1ed659805a50a8671d90b6e3e1d920f8fa1
-
SHA256
e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1
-
SHA512
928c59123b32dfac2086e24d69ae54c5f0dfe990daa8d000f5a4d2c246680527cd4dbeb9ff0c31aabcc7689506e091e2655700a6696e48c16f38d9e2e2c5f228
-
SSDEEP
1572864:12tUZfmQpwDPqZWcyE/LEhq9FP6Zq9cjJyRXfXCZpcCeW3GCwb50lDpw:12ilDCPYDyWdyCMiGm7WFSaVpw
Score10/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-