2330868edf3034218a8c7b9f262d199d768ed4c4321200e4976a4dfe577da977 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

Lana Rhoad...er.zip

windows10-2004-x64

9

Sharing

General

Target

Lana Rhoades - Linkvertise Downloader.zip
Size

11.6MB
Sample

230727-nhrfeseh2y
MD5

f7a0b856e315e4b30ffd1abcbd9de65f
SHA1

aa3cd517b3e9fd0908dd943539589d99be13114b
SHA256

2330868edf3034218a8c7b9f262d199d768ed4c4321200e4976a4dfe577da977
SHA512

bc76d7c79a47beb421fada4741bac74038e68ad650325e253147ce07a5d6d3d672699e0d384129629e0e0c36a4da16c5179213e1da2e15f8a96786481a6674ff
SSDEEP

196608:XiRu3GRp0YvcFLVBHs7wklhuSKpbpiTwmCAj2qJNWUySvgMbkWRz:SvvEBMMkaNpbUT7CAaQmSvPIK

Score

9^/10

coreentity discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

Lana Rhoades - Linkvertise Downloader.zip

Resource

win10v2004-20230703-en

coreentity discovery persistence

windows10-2004-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Lana Rhoades - Linkvertise Downloader.zip
- Size
  
  11.6MB
- MD5
  
  f7a0b856e315e4b30ffd1abcbd9de65f
- SHA1
  
  aa3cd517b3e9fd0908dd943539589d99be13114b
- SHA256
  
  2330868edf3034218a8c7b9f262d199d768ed4c4321200e4976a4dfe577da977
- SHA512
  
  bc76d7c79a47beb421fada4741bac74038e68ad650325e253147ce07a5d6d3d672699e0d384129629e0e0c36a4da16c5179213e1da2e15f8a96786481a6674ff
- SSDEEP
  
  196608:XiRu3GRp0YvcFLVBHs7wklhuSKpbpiTwmCAj2qJNWUySvgMbkWRz:SvvEBMMkaNpbUT7CAaQmSvPIK
Score

9^/10

coreentity discovery persistence
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Software Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

coreentitydiscoverypersistence

© 2018-2024

Terms | Privacy