General
Target: rhino_en-us_7.29.23107.03001.exe
Size: 293.3MB
Sample: 230612-tpye7sde5w
MD5: a98cdb7c0f477d356997455b91ec0a83
SHA1: 91b81bcc937779f65578b00303644469382ba6b8
SHA256: 5b315a54591d573feb569d2471d8291351a552d4b3f2e35987bc93bee1218989
SHA512: f32c5a3c2bca72bcb8711c9f4edd0cd478d44dcdc7696005002a00b14bdcd37b689ee44e9d8e612e5b4307fa2d61e53430dc4eb202f2dcb326da4ed395f9ed04
SSDEEP: 6291456:lj7SKgeBv0/wFJblMRI5c1ec1JSq5BTTUkP9DOJd9CgSKMfRxR:ljlqwpAI5c1eQvvTX9CTcWMnR
Static task: static1
Behavioral task: behavioral1
  Sample: rhino_en-us_7.29.23107.03001.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: rhino_en-us_7.29.23107.03001.exe
  Resource: win10v2004-20230221-en
Malware Config
Targets
Target: rhino_en-us_7.29.23107.03001.exe
Size: 293.3MB
Score: 9/10
Signatures
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds its payload as a Bitmap object, which is later decrypted.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.