General
Target: pdn.html
Size: 5KB
Sample: 230228-yk2dhsch67
MD5: 23b31833a31dcb7a9409b68f3c36b6d4
SHA1: 70bb69f180320dda3e79a5d2626a1b22b0d22009
SHA256: 4f2008007e37a831c0198f631a90d1bd654054aab269aefc4fe9b1600bdc6a8b
SHA512: c85c8fe434a514d06a0c554721874e1f1b189a4a390669f0c254ac7f65b5e313bb4e40d179ea52e5bcdcedc0e57c85470968770f19cab72ff7eea305f999cdb8
SSDEEP: 96:DBRUO0qOEZp+jAZbzbnR8hQMwMZAYcIVVCJmqeSLSTfS/STQwBdSTCPC2yyk/lkq:Xd46TnShQMwMRkmqb2eKJqmPC2KXqTCR
Static task: static1
Behavioral task: behavioral1 (Sample: pdn.html, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: pdn.html, Resource: win10v2004-20230220-en)
Malware Config
Targets
Target: pdn.html
Size: 5KB
Score: 9/10
- CoreEntity .NET Packer: CoreEntity is a .NET packer that embeds its payload as a Bitmap object and decrypts it at runtime.
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
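The four host-inspection signatures above (location check, installed-software enumeration, COM server registration, drive enumeration) are all visible as registry or file-system API calls. The following is an added example, not code from the report or from the sandbox that produced it: a small Python matcher that replays those signatures over a constructed API-call trace. The trace format (one JSON object per hooked call), the API names, and the registry locations it keys on (HKCU\Control Panel\International\Geo\Nation for the country code, the CurrentVersion\Uninstall key, and CLSID\{...}\InprocServer32 or LocalServer32 for COM registration) are assumptions about what the sandbox's signatures match; the report does not publish its matching logic, and the CLSID GUID and paths in the sample are placeholders. Note that the first two signatures are registry reads, which Sysmon does not log, so a matcher like this needs an API-hooking trace rather than Sysmon events.

```python
# Added example (not from the sandbox report): replay the report's registry
# and drive-enumeration signatures over a constructed API-call trace.
import json
import re
from collections import defaultdict

# Constructed sample trace, not data from the report. One JSON object per
# hooked API call, roughly the shape an API-hooking sandbox emits. The CLSID
# GUID and the file paths are placeholders.
SAMPLE_TRACE = r"""
{"pid": 2244, "api": "RegOpenKeyExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo"}
{"pid": 2244, "api": "RegQueryValueExW", "key": "HKEY_CURRENT_USER\\Control Panel\\International\\Geo", "value": "Nation"}
{"pid": 2244, "api": "RegEnumKeyExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 2244, "api": "RegQueryValueExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp", "value": "DisplayName"}
{"pid": 2244, "api": "RegSetValueExW", "key": "HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{11111111-2222-3333-4444-555555555555}\\InprocServer32", "value": "", "data": "C:\\Users\\user\\AppData\\Roaming\\placeholder.dll"}
{"pid": 2244, "api": "GetVolumeInformationW", "path": "D:\\"}
{"pid": 2244, "api": "GetVolumeInformationW", "path": "C:\\"}
{"pid": 2244, "api": "RegQueryValueExW", "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", "value": "ShellState"}
"""

# Assumed registry/file locations behind each signature (well-known Windows
# locations; which exact keys the sandbox checks is not stated in the report).
COM_SERVER_KEY = re.compile(
    r"\\clsid\\\{[0-9a-f-]{36}\}\\(?:inprocserver32|localserver32)$", re.I)
DRIVE_ROOT = re.compile(r"[A-Z]:\\", re.I)
FS_PROBE_APIS = {"GetVolumeInformationW", "GetDriveTypeW", "FindFirstFileW"}


def is_geo_lookup(ev: dict) -> bool:
    """Read of HKCU\\Control Panel\\International\\Geo, value Nation (country code)."""
    return (ev["api"].startswith("RegQueryValue")
            and ev.get("key", "").lower().endswith(r"\control panel\international\geo")
            and ev.get("value", "").lower() == "nation")


def is_uninstall_enum(ev: dict) -> bool:
    """Any registry access under ...\\CurrentVersion\\Uninstall (installed software)."""
    return ev["api"].startswith("Reg") and r"\currentversion\uninstall" in ev.get("key", "").lower()


def is_com_server_registration(ev: dict) -> bool:
    """Write to a CLSID server key: registering a COM server the system will load."""
    return ev["api"].startswith("RegSetValue") and COM_SERVER_KEY.search(ev.get("key", "")) is not None


def is_foreign_drive_probe(ev: dict) -> bool:
    """File-system probe of a drive root other than C:\\."""
    path = ev.get("path", "")
    return (ev["api"] in FS_PROBE_APIS
            and DRIVE_ROOT.fullmatch(path) is not None
            and not path.upper().startswith("C:"))


# Signature names exactly as the report lists them, paired with their predicate.
RULES = [
    ("Checks computer location settings", is_geo_lookup),
    ("Checks installed software on the system", is_uninstall_enum),
    ("Registers COM server for autorun", is_com_server_registration),
    ("Enumerates connected drives", is_foreign_drive_probe),
]

# Assumed mapping from signature names to the technique names in the report's
# ATT&CK matrix; the report itself does not state which signature fed which cell.
TECHNIQUES = {
    "Checks computer location settings": ["Query Registry", "System Information Discovery"],
    "Checks installed software on the system": ["Query Registry", "System Information Discovery"],
    "Registers COM server for autorun": ["Registry Run Keys / Startup Folder"],
    "Enumerates connected drives": ["Peripheral Device Discovery", "System Information Discovery"],
}


def parse_trace(text: str) -> list:
    """Parse newline-delimited JSON; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_signatures(events: list) -> dict:
    """Return {signature name: [indices of the events that triggered it]}."""
    hits = defaultdict(list)
    for idx, ev in enumerate(events):
        for name, predicate in RULES:
            if predicate(ev):
                hits[name].append(idx)
    return dict(hits)


def attack_techniques(hits: dict) -> list:
    """Sorted technique names implied by the matched signatures (assumed mapping)."""
    return sorted({t for sig in hits for t in TECHNIQUES[sig]})


if __name__ == "__main__":
    found = match_signatures(parse_trace(SAMPLE_TRACE))
    for name, idxs in found.items():
        print(f"{name}: events {idxs}")
    print("ATT&CK:", ", ".join(attack_techniques(found)))
```

The matcher deliberately ignores the C:\ probe and the unrelated Explorer read, so a single benign registry read does not light up a signature; the geofence rule also requires the specific value name rather than any access to the Geo key, which keeps ordinary locale initialisation by the runtime from triggering it.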
MITRE ATT&CK Matrix (signature hit counts in parentheses)
Collection: (none listed)
Command and Control: (none listed)
Credential Access: (none listed)
Discovery: Query Registry (6), System Information Discovery (6), Peripheral Device Discovery (2)
Execution: (none listed)
Exfiltration: (none listed)
Impact: (none listed)
Initial Access: (none listed)
Lateral Movement: (none listed)
Persistence: Registry Run Keys / Startup Folder (1)
Privilege Escalation: (none listed)