8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

MEmu-setup...dk.exe

windows7-x64

8

MEmu-setup...dk.exe

windows10-2004-x64

9

Sharing

General

Target

MEmu-setup-abroad-sdk.exe
Size

20.0MB
Sample

230701-eh4ajsfe49
MD5

581da0f19ef8388a0ba331ce0a617aaf
SHA1

e050d686c3c5972aaf1a4fdec299e764ef9873eb
SHA256

8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96
SHA512

091a019846f2bf431ba7231ebe711d856f0839527c5dd68d59fa91cf22ddfffc7e3ad395ab4bd8b0f9fb90721872c9e2cc4428cb5dc8dd7fd137ff8dc2bb0943
SSDEEP

393216:qpsmQyK0QtLJsv6tWKFdu9CnvUiOnKv647n+YlmYsp:qslbbDfvegmt

Score

9^/10

bootkit coreentity discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

MEmu-setup-abroad-sdk.exe

Resource

win7-20230621-en

bootkit discovery persistence

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

MEmu-setup-abroad-sdk.exe

Resource

win10v2004-20230621-en

coreentity discovery persistence

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  MEmu-setup-abroad-sdk.exe
- Size
  
  20.0MB
- MD5
  
  581da0f19ef8388a0ba331ce0a617aaf
- SHA1
  
  e050d686c3c5972aaf1a4fdec299e764ef9873eb
- SHA256
  
  8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96
- SHA512
  
  091a019846f2bf431ba7231ebe711d856f0839527c5dd68d59fa91cf22ddfffc7e3ad395ab4bd8b0f9fb90721872c9e2cc4428cb5dc8dd7fd137ff8dc2bb0943
- SSDEEP
  
  393216:qpsmQyK0QtLJsv6tWKFdu9CnvUiOnKv647n+YlmYsp:qslbbDfvegmt
Score

9^/10

bootkit discovery persistence coreentity
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

coreentitydiscoverypersistence

© 2018-2024

Terms | Privacy