Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

Monolith Notes Setup.exe
Size

71MB
Sample

221020-v8n7bafgg5
MD5

929ed5a3690fe8b2ababdc8eeb0375ca
SHA1

2471f1ed659805a50a8671d90b6e3e1d920f8fa1
SHA256

e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1
SHA512

928c59123b32dfac2086e24d69ae54c5f0dfe990daa8d000f5a4d2c246680527cd4dbeb9ff0c31aabcc7689506e091e2655700a6696e48c16f38d9e2e2c5f228
SSDEEP

1572864:12tUZfmQpwDPqZWcyE/LEhq9FP6Zq9cjJyRXfXCZpcCeW3GCwb50lDpw:12ilDCPYDyWdyCMiGm7WFSaVpw

Score

10^/10

coreentity discovery

Malware Config

Targets

- Target
  
  Monolith Notes Setup.exe
- Size
  
  71MB
- MD5
  
  929ed5a3690fe8b2ababdc8eeb0375ca
- SHA1
  
  2471f1ed659805a50a8671d90b6e3e1d920f8fa1
- SHA256
  
  e5834378b6d0ac51f8fcd74b3f2fc5fd6924a3e5808548967602805acc9b68e1
- SHA512
  
  928c59123b32dfac2086e24d69ae54c5f0dfe990daa8d000f5a4d2c246680527cd4dbeb9ff0c31aabcc7689506e091e2655700a6696e48c16f38d9e2e2c5f228
- SSDEEP
  
  1572864:12tUZfmQpwDPqZWcyE/LEhq9FP6Zq9cjJyRXfXCZpcCeW3GCwb50lDpw:12ilDCPYDyWdyCMiGm7WFSaVpw
Score

10^/10

coreentity discovery
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

coreentitydiscovery