General
Target: paint.net.5.0.1.install.anycpu.web.zip
Size: 734KB
Sample: 230206-k1kh2sda29
MD5: 0605f48c626b1bf8b620983839be9952
SHA1: bc30d2cade333e6070f36665ec31387e3dbf21b6
SHA256: af3d6f0d1e0fe6c116c91e86b045994a26123a3da101d92f05e232add071a7cb
SHA512: 99b1d0486aab0410fbbae3cb4dd5f5bf027ae1a64580aae56c6fe4d92dcafb199d649b0a97da60f4ff659094239e0cf9aca9d02a8bf82a91c1ebcdc5ff990085
SSDEEP: 12288:SRWOYbY9Z+8OrAi7jVl1U4PmCApui+s+YCumI4khEnEYa/PxwNC:SrYbmZp9g1PmCApu3OPDY2xwNC
Static task: static1
Behavioral task: behavioral1
  Sample: paint.net.5.0.1.install.anycpu.web.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: paint.net.5.0.1.install.anycpu.web.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: paint.net.5.0.1.install.anycpu.web.exe
Size: 1MB
MD5: 29d86c3800325e8db85d559a126958b0
SHA1: 6a06773bd7b76103c231dad8bb751d5db157c2e7
SHA256: de7659f337aa53a731d4c89f5a331869327280325a52c80db11a5829686c09d0
SHA512: 5b9053151acfbf7584438fb1436fbbbc7ea07701c5d20e3ae9bac488252b0896cb18e9d5d4f5762a6282f60810400c5bc734598af0151f1594ad307cf95b2521
SSDEEP: 24576:HrYYYYkWYCzwLhA29pQyIbsIC0BuDgRtIyxwNJ:HrYYYYkvLhA29pmZDj0yxOJ
Score: 9/10
CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Discovery
  Query Registry (4)
  System Information Discovery (4)
  Peripheral Device Discovery (2)
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation