General

Target: PowerISO8.exe
Size: 4.4MB
Sample: 230707-vv9wvsac95
MD5: 6de0b9deca77a1e3fc40e3dbaa1c5ecd
SHA1: e75d90e85cb8a20cf4e61cf7b3997248e9a9507c
SHA256: f02be373f3da7971daed34afe611241b9d2d5a0fec6ebf087228557c20e92d73
SHA512: 73c91d0e6b67f361d4ed1b77a17c33f25b4965b7bedcf5537b4a5cb80a9152b6d98ac80b6d57d22ce8436c4a70eb88b7a211c0154a2639238ac9c185b5c75cb6
SSDEEP: 98304:o6d2Ys647Fz6xd2jVbuZy9zz6PssMtc6XOoxzl7qBx0CV2DcthUh:o6EYs2suMKksTov+BqCVbIh
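Before spending time on a local copy of this sample, confirm it is the file the report describes. The script below is an added example, not part of the sandbox report: it carries its own copy of the General fields, parses them (accepting both "Key: value" lines and the split key/value layout that text extraction of these reports often produces), recomputes the four digests and reports which ones differ. SSDEEP is deliberately not checked because it needs the third-party ssdeep module. The sample bytes used in the test are constructed stand-ins, not the real file.

```python
import hashlib
import re
import sys
from typing import Dict, List

# Digest fields the report lists, mapped to hashlib algorithm names.
HASH_FIELDS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# General fields of the report, copied inline so the script runs offline.
REPORT_GENERAL = """\
Target: PowerISO8.exe
Size: 4.4MB
Sample: 230707-vv9wvsac95
MD5: 6de0b9deca77a1e3fc40e3dbaa1c5ecd
SHA1: e75d90e85cb8a20cf4e61cf7b3997248e9a9507c
SHA256: f02be373f3da7971daed34afe611241b9d2d5a0fec6ebf087228557c20e92d73
SHA512: 73c91d0e6b67f361d4ed1b77a17c33f25b4965b7bedcf5537b4a5cb80a9152b6d98ac80b6d57d22ce8436c4a70eb88b7a211c0154a2639238ac9c185b5c75cb6
SSDEEP: 98304:o6d2Ys647Fz6xd2jVbuZy9zz6PssMtc6XOoxzl7qBx0CV2DcthUh:o6EYs2suMKksTov+BqCVbIh
"""


def parse_report_fields(text: str) -> Dict[str, str]:
    """Parse report fields into a dict.

    Accepts 'Key: value' lines, and also the split layout that text
    extraction of these reports often produces: the key on one line, the
    value on the next, and '-' separator lines between fields.
    """
    fields: Dict[str, str] = {}
    pending_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue                      # blank or separator line
        if pending_key is None and ": " in line:
            key, _, value = line.partition(": ")
            fields[key.strip()] = value.strip()
        elif pending_key is None:
            pending_key = line            # split layout: key now, value next
        else:
            fields[pending_key] = line
            pending_key = None
    if pending_key is not None:
        raise ValueError(f"field {pending_key!r} has no value")
    return fields


def compute_digests(data: bytes) -> Dict[str, str]:
    """Lower-case hex digests for the four algorithms the report lists."""
    return {field: hashlib.new(algo, data).hexdigest() for field, algo in HASH_FIELDS.items()}


def verify_sample(data: bytes, report_text: str = REPORT_GENERAL) -> List[str]:
    """Return the digest fields that do NOT match the report.

    An empty list means every listed digest matches, i.e. the bytes are the
    sample this report describes. A malformed or missing digest in the report
    is an error rather than a silent pass.
    """
    expected = parse_report_fields(report_text)
    actual = compute_digests(data)
    mismatches = []
    for field in HASH_FIELDS:
        want = expected.get(field, "").lower()
        if not re.fullmatch(r"[0-9a-f]+", want):
            raise ValueError(f"report field {field} is missing or not hex")
        if want != actual[field]:
            mismatches.append(field)
    return mismatches


if __name__ == "__main__":
    # Usage: python verify_sample.py PowerISO8.exe
    with open(sys.argv[1], "rb") as fh:
        bad = verify_sample(fh.read())
    print("match: this is the reported sample" if not bad else "MISMATCH on " + ", ".join(bad))
```

Checking all four digests rather than only MD5 or SHA1 matters because those two are collision-prone; SHA256 or SHA512 is the value to pivot on when querying other sources for the same sample.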
Static task: static1

Behavioral task: behavioral1
Sample: PowerISO8.exe
Resource: win7-20230703-en

Behavioral task: behavioral2
Sample: PowerISO8.exe
Resource: win10v2004-20230703-en
Malware Config

Targets

Target: PowerISO8.exe
Score: 9/10
CoreEntity .NET Packer
  A .NET packer, CoreEntity, that embeds the payload as a Bitmap object which is decrypted later.
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
Checks for any installed AV software in registry
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
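The last two signatures are both registry reads, and the report only names the behaviour, not the keys the sample touched. The script below is an added example, not code from the report or from the sandbox vendor: it runs the detection logic behind "Checks computer location settings" and "Checks for any installed AV software in registry" over a constructed registry-access trace. The trace format (operation, key path) and the key prefixes tied to each signature are assumptions, chosen as the locations an analyst would expect these checks to hit, not a statement of what this sample actually read.

```python
from typing import Dict, List, Tuple

# Constructed trace for this example (not from the report): (operation, key path).
CONSTRUCTED_TRACE: List[Tuple[str, str]] = [
    ("RegOpenKey",    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"),
    ("RegQueryValue", r"HKCU\Control Panel\International\sCountry"),
    ("RegQueryValue", r"HKCU\Control Panel\International\LocaleName"),
    ("RegOpenKey",    r"HKLM\SOFTWARE\Microsoft\Security Center"),
    ("RegOpenKey",    r"HKLM\SOFTWARE\KasperskyLab"),
    ("RegOpenKey",    r"HKLM\SOFTWARE\Avast Software"),
    ("RegQueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
]

# Assumed key prefixes behind each signature. The report does not name the
# keys the sample touched; these are where locale and AV presence are recorded.
LOCATION_KEY_PREFIXES = (
    r"HKCU\Control Panel\International",            # sCountry, LocaleName, Locale
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls",   # system locale and language
)
AV_KEY_PREFIXES = (
    r"HKLM\SOFTWARE\Microsoft\Security Center",     # registered AV providers
    r"HKLM\SOFTWARE\KasperskyLab",
    r"HKLM\SOFTWARE\Avast Software",
    r"HKLM\SOFTWARE\ESET",
    r"HKLM\SOFTWARE\Bitdefender",
)

SIG_LOCATION = "Checks computer location settings"
SIG_AV = "Checks for any installed AV software in registry"
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}   # reads only; writes/deletes ignored


def _under(path: str, prefixes: Tuple[str, ...]) -> bool:
    """Case-insensitive test: path is one of the keys or a subkey/value beneath it."""
    p = path.lower()
    return any(p == pre.lower() or p.startswith(pre.lower() + "\\") for pre in prefixes)


def classify_registry_reads(trace: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Map each of the two report signatures to the registry paths that trigger it."""
    hits: Dict[str, List[str]] = {SIG_LOCATION: [], SIG_AV: []}
    for op, path in trace:
        if op not in READ_OPS:
            continue
        if _under(path, LOCATION_KEY_PREFIXES):
            hits[SIG_LOCATION].append(path)
        elif _under(path, AV_KEY_PREFIXES):
            hits[SIG_AV].append(path)
    return hits


def triggered_signatures(trace: List[Tuple[str, str]]) -> List[str]:
    """Signature names with at least one hit, in report order."""
    return [sig for sig, paths in classify_registry_reads(trace).items() if paths]


if __name__ == "__main__":
    for sig, paths in classify_registry_reads(CONSTRUCTED_TRACE).items():
        print(f"{sig}: {len(paths)} hit(s)")
        for p in paths:
            print("   ", p)
```

A location hit on its own is weak evidence: a legitimate installer also reads the locale keys to pick its UI language. What supports the 9/10 score is the combination with the AV enumeration and the other behaviours listed above (service creation, a dropped file in the Drivers directory, a downloaded PE), so when writing a hunting rule from this report, require the AV check or one of those behaviours alongside the locale read rather than alerting on the locale read alone.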