Overview

overview

9

Static

static

1

paint.net....64.exe

windows10-1703-x64

4

paint.net....64.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    paint.net.5.0.7.install.x64.zip

  • Size

    62.0MB

  • Sample

    230720-rw7w4shf4x

  • MD5

    44eab3670b8154adab3dda1ceee4611c

  • SHA1

    91d5e624c94d8b3ab972b141483884c3c415b54e

  • SHA256

    79ba9f22e360abcd48c0c806213f6a2ec29a8830fd20e2a185f9218e239fd874

  • SHA512

    1fbe9ae818837382f70090bda22367df3edb054ac7c7c228b9df3618759363cc4b76f476cf516dc5ad4c97205573d6fb0d9ad0a1dab36745a3f56cb6c95abd4b

  • SSDEEP

    1572864:WL9GYfh9u+C8KnNQONV87cbHkbVHo7dmZXlyz:WZFW8KzNVLbF7YXlyz

Score
9/10
coreentity

Malware Config

Targets

    • Target

      paint.net.5.0.7.install.x64.exe

    • Size

      62.3MB

    • MD5

      6f86aae6d0ae5f9528dbb3f0e79c6b18

    • SHA1

      b08e7584742aa1bfb0b4392137a5f5d5054c0407

    • SHA256

      66699c704e29cddea138939d15975d148c5579921d2644436e6288fd1ed952d6

    • SHA512

      e8188e775c6983c1486b0fbf12c816a8d0782ced4e28d2a6b70335998485a28689bbbe2fc0bb9a9f90f9b7c3607cadaaf54cd8e5fb2325ad99bb38a6be7e20eb

    • SSDEEP

      1572864:mXR4eDZdsOA4k35+yJ+Tmz9OXBVUp3W/Zl8D:mB1e4q1JZzZp8Zl8D

    Score
    9/10
    coreentity

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

      coreentity

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks