General
-
Target
Lana Rhoades - Linkvertise Downloader.zip
-
Size
11.6MB
-
Sample
230727-nhrfeseh2y
-
MD5
f7a0b856e315e4b30ffd1abcbd9de65f
-
SHA1
aa3cd517b3e9fd0908dd943539589d99be13114b
-
SHA256
2330868edf3034218a8c7b9f262d199d768ed4c4321200e4976a4dfe577da977
-
SHA512
bc76d7c79a47beb421fada4741bac74038e68ad650325e253147ce07a5d6d3d672699e0d384129629e0e0c36a4da16c5179213e1da2e15f8a96786481a6674ff
-
SSDEEP
196608:XiRu3GRp0YvcFLVBHs7wklhuSKpbpiTwmCAj2qJNWUySvgMbkWRz:SvvEBMMkaNpbUT7CAaQmSvPIK
Static task
static1
Behavioral task
behavioral1
Sample
Lana Rhoades - Linkvertise Downloader.zip
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
Lana Rhoades - Linkvertise Downloader.zip
-
Size
11.6MB
-
MD5
f7a0b856e315e4b30ffd1abcbd9de65f
-
SHA1
aa3cd517b3e9fd0908dd943539589d99be13114b
-
SHA256
2330868edf3034218a8c7b9f262d199d768ed4c4321200e4976a4dfe577da977
-
SHA512
bc76d7c79a47beb421fada4741bac74038e68ad650325e253147ce07a5d6d3d672699e0d384129629e0e0c36a4da16c5179213e1da2e15f8a96786481a6674ff
-
SSDEEP
196608:XiRu3GRp0YvcFLVBHs7wklhuSKpbpiTwmCAj2qJNWUySvgMbkWRz:SvvEBMMkaNpbUT7CAaQmSvPIK
Score 9/10
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object which is later decrypted.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-