4f2008007e37a831c0198f631a90d1bd654054aab269aefc4fe9b1600bdc6a8b | Triage

Submit
Reports

Overview

overview

9

Static

static

1

pdn.html

windows7-x64

7

pdn.html

windows10-2004-x64

Sharing

General

Target

pdn.html
Size

5KB
Sample

230228-yk2dhsch67
MD5

23b31833a31dcb7a9409b68f3c36b6d4
SHA1

70bb69f180320dda3e79a5d2626a1b22b0d22009
SHA256

4f2008007e37a831c0198f631a90d1bd654054aab269aefc4fe9b1600bdc6a8b
SHA512

c85c8fe434a514d06a0c554721874e1f1b189a4a390669f0c254ac7f65b5e313bb4e40d179ea52e5bcdcedc0e57c85470968770f19cab72ff7eea305f999cdb8
SSDEEP

96:DBRUO0qOEZp+jAZbzbnR8hQMwMZAYcIVVCJmqeSLSTfS/STQwBdSTCPC2yyk/lkq:Xd46TnShQMwMRkmqb2eKJqmPC2KXqTCR

Score

9^/10

coreentity discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

pdn.html

Resource

win7-20230220-en

windows7-x64

10 signatures

1800 seconds

Behavioral task

behavioral2

Sample

pdn.html

Resource

win10v2004-20230220-en

coreentity discovery evasion persistence trojan

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  pdn.html
- Size
  
  5KB
- MD5
  
  23b31833a31dcb7a9409b68f3c36b6d4
- SHA1
  
  70bb69f180320dda3e79a5d2626a1b22b0d22009
- SHA256
  
  4f2008007e37a831c0198f631a90d1bd654054aab269aefc4fe9b1600bdc6a8b
- SHA512
  
  c85c8fe434a514d06a0c554721874e1f1b189a4a390669f0c254ac7f65b5e313bb4e40d179ea52e5bcdcedc0e57c85470968770f19cab72ff7eea305f999cdb8
- SSDEEP
  
  96:DBRUO0qOEZp+jAZbzbnR8hQMwMZAYcIVVCJmqeSLSTfS/STQwBdSTCPC2yyk/lkq:Xd46TnShQMwMRkmqb2eKJqmPC2KXqTCR
Score

9^/10

coreentity discovery evasion persistence trojan
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

coreentitydiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy