General

  • Target

    paint.net.4.0.install.exe

  • Size

    6.0MB

  • Sample

    230603-c8kvsafc36

  • MD5

    97ebb79a9721d8025e6659df039aea42

  • SHA1

    db08d3443cf80444ff88641697af1e377c37f3f6

  • SHA256

    026d3f716835cf62c173491424a03002dd6ddda6b04a42b0e8c114257cdd7061

  • SHA512

    229d0164dce78c392303d1b8beb644909e870a577c4153f8e79a30607595b9a39ce40305b217d84917d18840f9835981c24802fb50f7c3336764f6c5eec11ce2

  • SSDEEP

    98304:SHi1WlQj2MkiGNXjvcClj2oAQT49u/LWUKJfKRiROkjEieeGnHnF4ddOpOi2LNW0:Zf2MkVZLlvAQT49uCUKJfKRejZED6

Malware Config

Targets

    • Target

      paint.net.4.0.install.exe

    • CoreEntity .NET Packer

      A .NET packer, CoreEntity, that embeds its payload as a BitMap object which is decrypted at runtime.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tactic        Technique                            #   ID
Persistence   Registry Run Keys / Startup Folder   1   T1060
Discovery     Query Registry                       3   T1012
Discovery     System Information Discovery         4   T1082
Discovery     Peripheral Device Discovery          2   T1120

Tasks