General

  • Target

    Filestar.23.0.13.0.win-x64.DvgQL.exe

  • Size

    19.5MB

  • Sample

    230526-ka4t1afb4x

  • MD5

    17ff423a11de7b4f9d75f5b34982453a

  • SHA1

    f7af47f0019e7fa780ed9449f4155d277b2f91da

  • SHA256

    84db2274e64723614690ec6d69844879d54709e8680a10170da02269b3df7f4e

  • SHA512

    2c939dc460987c05c759d6f732a94895b09d990e826c7eb63f14563e12be69ac13782ed296a741581a09980e70d7a74835c1cd193213046650dd4889f21fd6a5

  • SSDEEP

    393216:6hn5QEJ2nYTOYz7yZF4MYUlX1kQ5nqE3UgofnLOmBDwYoJBVbZKZjNg2PFaV:cn5QEJn7yXU5LOQyVbZKpFa

Score
9/10

Malware Config

Targets

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks