1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

WorldBox G...m1.exe

windows7-x64

6

WorldBox G...m1.exe

windows10-2004-x64

9

Sharing

General

Target

WorldBox God Simulator_o-q6fm1.exe
Size

13.8MB
Sample

230720-ve4d5shf27
MD5

98f37b09dadc616079b92a6c5afdd066
SHA1

b55932b9c10046cfccde0210d5da29f3e5b2afb9
SHA256

1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
SHA512

6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
SSDEEP

196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU

Score

9^/10

coreentity discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

WorldBox God Simulator_o-q6fm1.exe

Resource

win7-20230712-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

WorldBox God Simulator_o-q6fm1.exe

Resource

win10v2004-20230703-en

coreentity discovery evasion persistence

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  WorldBox God Simulator_o-q6fm1.exe
- Size
  
  13.8MB
- MD5
  
  98f37b09dadc616079b92a6c5afdd066
- SHA1
  
  b55932b9c10046cfccde0210d5da29f3e5b2afb9
- SHA256
  
  1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
- SHA512
  
  6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
- SSDEEP
  
  196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU
Score

9^/10

coreentity discovery evasion persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks for any installed AV software in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

coreentitydiscoveryevasionpersistence

© 2018-2024

Terms | Privacy