General

Target: MEmu-setup-abroad-sdk.exe
Size: 20.0MB
Sample: 230701-eh4ajsfe49
MD5: 581da0f19ef8388a0ba331ce0a617aaf
SHA1: e050d686c3c5972aaf1a4fdec299e764ef9873eb
SHA256: 8fb453bf498acb05af9e0a442f26029cd6c5a3d68431fdff7fc385faf1541b96
SHA512: 091a019846f2bf431ba7231ebe711d856f0839527c5dd68d59fa91cf22ddfffc7e3ad395ab4bd8b0f9fb90721872c9e2cc4428cb5dc8dd7fd137ff8dc2bb0943
SSDEEP: 393216:qpsmQyK0QtLJsv6tWKFdu9CnvUiOnKv647n+YlmYsp:qslbbDfvegmt
Static task: static1

Behavioral task: behavioral1
Sample: MEmu-setup-abroad-sdk.exe
Resource: win7-20230621-en

Behavioral task: behavioral2
Sample: MEmu-setup-abroad-sdk.exe
Resource: win10v2004-20230621-en
Malware Config

Targets

Target: MEmu-setup-abroad-sdk.exe
Size: 20.0MB
Score: 9/10

- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
- Creates new service(s)
- Downloads MZ/PE file
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.