General
-
Target
WorldBox God Simulator_o-q6fm1.exe
-
Size
13.8MB
-
Sample
230720-ve4d5shf27
-
MD5
98f37b09dadc616079b92a6c5afdd066
-
SHA1
b55932b9c10046cfccde0210d5da29f3e5b2afb9
-
SHA256
1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
-
SHA512
6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
-
SSDEEP
196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU
Static task
static1
Behavioral task
behavioral1
Sample
WorldBox God Simulator_o-q6fm1.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
WorldBox God Simulator_o-q6fm1.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
-
Target
WorldBox God Simulator_o-q6fm1.exe
Score
9/10
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that embeds the payload as a Bitmap object, which is later decrypted.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks for any installed AV software in registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Create or Modify System Process: 2
Windows Service: 2
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Subvert Trust Controls: 1
Install Root Certificate: 1
Modify Registry: 1