General
-
Target
paint.net.5.0.6.install.anycpu.web.zip
-
Size
734KB
-
Sample
230531-prba8seh96
-
MD5
4091d76527b48ee601bb6fb948c77177
-
SHA1
83a65b3f84876a52edce1304d188a454e027372f
-
SHA256
a1610aadbe46ecc5edaab820bb734e3a3e96a69fe143777e7a03d7543fa99b19
-
SHA512
ed3a24a2b1c002ecc106cc09308f238a36aac2d7979c74d92458cf0530e06c72aa5dae638e67f04c94d43a13690a3b34ee23ed2f45d003466fb7aa2d552e17c6
-
SSDEEP
12288:2qt3EiWggyHCOWTuDsNb8FQAjkewJDwD63KC0duigu+SCUsIOVPd++Xisld6ThqQ:2qtUi+ulWTuDsNb8HkhdKC0dulum+cj0
Malware Config
Targets
-
-
Target
paint.net.5.0.6.install.anycpu.web.exe
-
Size
1.1MB
-
MD5
ad52908c0129162b12c9ac3497032e7c
-
SHA1
11c2912e94b15c9fc28ce462a62bbbd2bb63fd54
-
SHA256
39211d308d7b2cf9a73f2fd86a3c6b0bddfb4aa1e07e91760bb1d34e045572b5
-
SHA512
bc3958687a6b9639bbddb07ea8c684dc2ccd210d7c04bed600c8598d1c3d2d3fdad2e23e9f51ec550224b1b9ecf08c48ae637feab5f23638d8a48d76a3230388
-
SSDEEP
24576:KcYYYYkKmCi9OVPcxWoxdIC0BuDgocCX65T:KcYYYYksi9OVPQhSDjok5T
Score9/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-