Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

g1wxxdmz.exe
Size

1MB
Sample

230312-nds4fsdf47
MD5

3ee020029ff565966fcaa7945046ba2e
SHA1

e77da75107a3b45226fcae0ab9f1be2ab678005b
SHA256

1f1b5c216688dca0d9e9dbabde3325226e064ce2a1534e86bd0c00785f37eeab
SHA512

d070d20ee6b1b8b4c9407bc3f6cd6acd2e3d71e303ce94eedfb24ab4acec79d58cebb4dec379b18d17915c64030dffd1bbcaa0d24568fa9af3fe2ca5c49b9386
SSDEEP

49152:56lLXnSXQIYzUbB54moWOdv38hsy7JQ6AnxDGfF:56l2gDzU954QgEhDNQtnxqt

Score

9^/10

coreentity discovery persistence

Malware Config

Targets

- Target
  
  g1wxxdmz.exe
- Size
  
  1MB
- MD5
  
  3ee020029ff565966fcaa7945046ba2e
- SHA1
  
  e77da75107a3b45226fcae0ab9f1be2ab678005b
- SHA256
  
  1f1b5c216688dca0d9e9dbabde3325226e064ce2a1534e86bd0c00785f37eeab
- SHA512
  
  d070d20ee6b1b8b4c9407bc3f6cd6acd2e3d71e303ce94eedfb24ab4acec79d58cebb4dec379b18d17915c64030dffd1bbcaa0d24568fa9af3fe2ca5c49b9386
- SSDEEP
  
  49152:56lLXnSXQIYzUbB54moWOdv38hsy7JQ6AnxDGfF:56l2gDzU954QgEhDNQtnxqt
Score

9^/10

coreentity discovery persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Query Registry

T1012

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Tasks

static1

behavioral1

coreentitydiscoverypersistence

behavioral2