General

  • Target

    musconv.exe

  • Size

    156MB

  • Sample

    221222-cl33vadg32

  • MD5

    ffa234b96b8451250f232b65103ba466

  • SHA1

    2a7a02aca9e8418dfe0125f590b952f714ebe72f

  • SHA256

    d52b0bb766f8489d06d67519c602f68ffae98a7fef68cc24fef28c66bb3f2194

  • SHA512

    ba7a5015fb2530f714308afc53a4f905b76d16f054ff38bd1c8d8df6998f3c261ef285fdd754bc8a9838fc2b715b28e0c58c2247deb9f3110cc4d7e793c2201b

  • SSDEEP

    3145728:0CEY9VbCxcySzHaOfbCiefT0XPwkZ5Bv16pAkUHzeq6Pn2t+b5rB:19VbCxcy0b8TMwQn6pAtyP75r

Score
10/10

Malware Config

Targets

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks