Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

PurpleKnight.exe.zip
Size

95MB
Sample

230113-ps2jtace8w
MD5

ae6085f9f1b9add89e333e475e033134
SHA1

9c03ba5aafd559d8b4041fd3e977aa2238bec8ee
SHA256

c1dec40348f597fdcbd4fcdcd6ddc12225f55d05e5194070622bc0e0cabec143
SHA512

9896ad3eff44db58e0cc3a5cc1e0a1a1bc44617b6463574daefdd1fa3e359781ed17b0251f61f32774b717a2e80a11fdf83ee861c926a5c822933834aa59d80f
SSDEEP

1572864:CiFZToRPe1RbDkB0vbd9oRa/1qbw51GqZQ1GC9PFNXz+LiVnH72rd7YR/rGpuZ1A:CGqR+HkB0rvf6GoPF9zRJH72E/rSU1MR

Score

10^/10

coreentity

Malware Config

Targets

- Target
  
  PurpleKnight.exe
- Size
  
  100MB
- MD5
  
  8c1579ee5fa7549a53180c3fe0cf2b91
- SHA1
  
  bb010d17cdd7b6ca6c99fd0b17ab11af94360595
- SHA256
  
  8b9e8326f25cfd8d1b9de0837232813216fc772523d102d43f1a1ed1ee1406fe
- SHA512
  
  38e3a46a94ae3449b1c07426e5a64bb6e48c18b509e52031945e5e20ae3b5f740b115c464114431357bf724d4fbb22512367499bf1867c3e4941c39a4c97a7a5
- SSDEEP
  
  3145728:sdPoQQ6ZLU91RWdeBzdnx2eU+vREzg2XhGjh:sdPox11D9Uz8P
Score

10^/10

coreentity
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2