General
-
Target
paint.net.5.0.1.install.anycpu.web.exe
-
Size
1.1MB
-
Sample
230212-sqettaec31
-
MD5
29d86c3800325e8db85d559a126958b0
-
SHA1
6a06773bd7b76103c231dad8bb751d5db157c2e7
-
SHA256
de7659f337aa53a731d4c89f5a331869327280325a52c80db11a5829686c09d0
-
SHA512
5b9053151acfbf7584438fb1436fbbbc7ea07701c5d20e3ae9bac488252b0896cb18e9d5d4f5762a6282f60810400c5bc734598af0151f1594ad307cf95b2521
-
SSDEEP
24576:HrYYYYkWYCzwLhA29pQyIbsIC0BuDgRtIyxwNJ:HrYYYYkvLhA29pmZDj0yxOJ
Malware Config
Targets
-
-
Target
paint.net.5.0.1.install.anycpu.web.exe
-
Size
1.1MB
-
MD5
29d86c3800325e8db85d559a126958b0
-
SHA1
6a06773bd7b76103c231dad8bb751d5db157c2e7
-
SHA256
de7659f337aa53a731d4c89f5a331869327280325a52c80db11a5829686c09d0
-
SHA512
5b9053151acfbf7584438fb1436fbbbc7ea07701c5d20e3ae9bac488252b0896cb18e9d5d4f5762a6282f60810400c5bc734598af0151f1594ad307cf95b2521
-
SSDEEP
24576:HrYYYYkWYCzwLhA29pQyIbsIC0BuDgRtIyxwNJ:HrYYYYkvLhA29pmZDj0yxOJ
Score9/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-