General
-
Target
ltanalyzer_32r3.msi
-
Size
79.6MB
-
Sample
230713-psslxagf72
-
MD5
554addce31e172e00e2fc6ad5b638b3b
-
SHA1
5590cd152bc605e0ff512ad68d169aed60cde75d
-
SHA256
25aec3d6b872c0babd86953702263fd65c0c9f8e6f534b9ed17575cd11d37084
-
SHA512
269cf0037f09cfdd5b71007f07aad92464ca01b59c8ce684c9c85a183ecd1ae6a1c1d7a09405069ab7c64c2e0a313cf30e56b4e5ed628d63c5432844ab405ff1
-
SSDEEP
1572864:fpttD7y0/TXXjM1EZ9bvMZpbW+8t1PwSXvZALiiEc3otgYavxLwFQxNJRYRAPQFa:BDe0/TXXFvxt1PwSfWpEc4tGZOQfJCRw
Malware Config
Targets
-
-
Target
ltanalyzer_32r3.msi
-
Size
79.6MB
-
MD5
554addce31e172e00e2fc6ad5b638b3b
-
SHA1
5590cd152bc605e0ff512ad68d169aed60cde75d
-
SHA256
25aec3d6b872c0babd86953702263fd65c0c9f8e6f534b9ed17575cd11d37084
-
SHA512
269cf0037f09cfdd5b71007f07aad92464ca01b59c8ce684c9c85a183ecd1ae6a1c1d7a09405069ab7c64c2e0a313cf30e56b4e5ed628d63c5432844ab405ff1
-
SSDEEP
1572864:fpttD7y0/TXXjM1EZ9bvMZpbW+8t1PwSXvZALiiEc3otgYavxLwFQxNJRYRAPQFa:BDe0/TXXFvxt1PwSfWpEc4tGZOQfJCRw
Score9/10-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-