Overview

overview

9

Static

static

1

Filestar.2...hC.exe

windows10-1703-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Filestar.22.0.9.0.win-x64.cc4hC.exe

  • Size

    19MB

  • Sample

    230222-1e1wxadf78

  • MD5

    b28ed75d3f69f69d2b2850f94db7b6c9

  • SHA1

    6395651747ac8bdde1aaad3e263002ef9409a184

  • SHA256

    38662529ae534c9d549996f405ac9b8fdadee0c8b5cbefd99524a638bd0b9a15

  • SHA512

    1a17725507a0a7751e249deb0d049bb2c1036e1d0e4c642d97c5ba581fec0551bdf1d3a208fd02096596c449967507aa8c7e3fd8023921e59579a071b11fde11

  • SSDEEP

    393216:Dhn5QEJMIhBOwpyZSAN8cEUw8IQhEu2aOn9Ks2xshnUqjtp47f2Jir:tn5QEJMIj1aVZYxQUn9Kshjtp472

Score
9/10
coreentitydiscovery

Malware Config

Targets

    • Target

      Filestar.22.0.9.0.win-x64.cc4hC.exe

    • Size

      19MB

    • MD5

      b28ed75d3f69f69d2b2850f94db7b6c9

    • SHA1

      6395651747ac8bdde1aaad3e263002ef9409a184

    • SHA256

      38662529ae534c9d549996f405ac9b8fdadee0c8b5cbefd99524a638bd0b9a15

    • SHA512

      1a17725507a0a7751e249deb0d049bb2c1036e1d0e4c642d97c5ba581fec0551bdf1d3a208fd02096596c449967507aa8c7e3fd8023921e59579a071b11fde11

    • SSDEEP

      393216:Dhn5QEJMIhBOwpyZSAN8cEUw8IQhEu2aOn9Ks2xshnUqjtp47f2Jir:tn5QEJMIj1aVZYxQUn9Kshjtp472

    Score
    9/10
    coreentitydiscovery

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks