General
-
Target
Kiwi X Keyless - Linkvertise Downloader_9T-NJy1.exe
-
Size
10.8MB
-
Sample
230717-ydv8xsfd41
-
MD5
fc30f38c629fbafcfd1f4a4895814c46
-
SHA1
e6b298591f7034463f603ede1573c8a198938b7f
-
SHA256
40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9
-
SHA512
74aba9bd29a9d6200f5b35a15f66c6edb57b3a8cfa24b3c04f2a90224d64bcda7564047a5f88698107aaf5e18c6d22bc6d8f5f3fdfdda2bb86aeb800d90e37d2
-
SSDEEP
196608:w38JJEU16hTZl583S0LJu+mzfDkzXJKUNWGJ3k2ZoXOM1ugha:Z1MlCC0Ybzf4zZKUok5oXN8x
Malware Config
Targets
-
-
Target
Kiwi X Keyless - Linkvertise Downloader_9T-NJy1.exe
-
Size
10.8MB
-
MD5
fc30f38c629fbafcfd1f4a4895814c46
-
SHA1
e6b298591f7034463f603ede1573c8a198938b7f
-
SHA256
40e1b53fb04746ac4a0561f5ab781291069b90232215afc36320263308a28ec9
-
SHA512
74aba9bd29a9d6200f5b35a15f66c6edb57b3a8cfa24b3c04f2a90224d64bcda7564047a5f88698107aaf5e18c6d22bc6d8f5f3fdfdda2bb86aeb800d90e37d2
-
SSDEEP
196608:w38JJEU16hTZl583S0LJu+mzfDkzXJKUNWGJ3k2ZoXOM1ugha:Z1MlCC0Ybzf4zZKUok5oXN8x
Score10/10-
Cobalt Strike reflective loader
Detects the reflective loader used by Cobalt Strike.
-
Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-