5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba | Triage

Submit
Reports

Overview

overview

Static

static

BitlordSetup.exe

windows7-x64

8

BitlordSetup.exe

windows10-2004-x64

Sharing

General

Target

BitlordSetup.exe
Size

2.5MB
Sample

221228-ledztaaa94
MD5

bb7701d6da492352bb2ac2c86462d253
SHA1

339afb386d5667ce36528de65d6809582b9697b9
SHA256

5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba
SHA512

6321c10d09f76fbc76761f3d52bc1892e3687d9cf3c49c3dc392587ebce54ba58eafde58ff5c9b707dfa9007ef4bf01dcbd12bd3cf8624c406a6548037054028
SSDEEP

49152:/qe3f6ZL+H98AHaCfu6TfO6VWqUvQaydU9VIL7pR:iSi5E9vBuyVZUqUVIL1R

Score

10^/10

coreentity discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

BitlordSetup.exe

Resource

win7-20221111-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

BitlordSetup.exe

Resource

win10v2004-20220901-en

coreentity discovery persistence

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  BitlordSetup.exe
- Size
  
  2.5MB
- MD5
  
  bb7701d6da492352bb2ac2c86462d253
- SHA1
  
  339afb386d5667ce36528de65d6809582b9697b9
- SHA256
  
  5234cd925873feff87965216e88adebaa7b9349383906bbd4a7c471f4023b6ba
- SHA512
  
  6321c10d09f76fbc76761f3d52bc1892e3687d9cf3c49c3dc392587ebce54ba58eafde58ff5c9b707dfa9007ef4bf01dcbd12bd3cf8624c406a6548037054028
- SSDEEP
  
  49152:/qe3f6ZL+H98AHaCfu6TfO6VWqUvQaydU9VIL7pR:iSi5E9vBuyVZUqUVIL1R
Score

10^/10

coreentity discovery persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

coreentitydiscoverypersistence

© 2018-2024

Terms | Privacy