9100841237455418412447da8ddaa2bbb810577de6bb18179f2384cccd6ff614 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

paint.net....eb.exe

windows10-2004-x64

9

Sharing

General

Target

paint.net.5.0.3.install.anycpu.web.zip
Size

734KB
Sample

230408-prwl6sfc7v
MD5

834cbfa14264790676c0c33cf6d4bab0
SHA1

d91938fbd9c80be3328e6de4592587386de7a64d
SHA256

9100841237455418412447da8ddaa2bbb810577de6bb18179f2384cccd6ff614
SHA512

80bf90560ff8cff9119372f9261de35fc780a735603ebb3722f332afd53342fb0058bff759334eeed76eb1054392e3e171f6aee4487345c54278859020d9f384
SSDEEP

12288:SFXfC9IozOuG2uNf0hD6eq/gWeCxYGMxLQ3TWC2Lui+e+mCw6IaiY4Y+qM2waYp4:iXf3oKuG2umK/gjCxY9OWC2Lu54JY4Y/

Score

9^/10

coreentity discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

paint.net.5.0.3.install.anycpu.web.exe

Resource

win10v2004-20230220-en

coreentity discovery evasion persistence trojan

windows10-2004-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  paint.net.5.0.3.install.anycpu.web.exe
- Size
  
  1.1MB
- MD5
  
  7e736accc204ce002fcec6b5dc6214dd
- SHA1
  
  420464ab383313994b5534c72f7f2c0f7d509462
- SHA256
  
  ae41189fec1996afe1d193c606ddc228f0d24640ea01df77a626db75b2c29cb8
- SHA512
  
  5d838d7063f54a21584c3e379b59053731f5dcf0b6b03e5cd09498c613dfdd38d4257799d265bd4fad608efba67988e846fcab70adff066768fc4ac4cdcd2bfb
- SSDEEP
  
  24576:nLYYYYkv0+qcSSu29odPoagtIC0BuDgtYiY+kM7p1kz6I:nLYYYYkvSSu29oQiDjMMV1e
Score

9^/10

coreentity discovery evasion persistence trojan
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

coreentitydiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy