General
-
Target
PowerISO8-x64.exe
-
Size
4.5MB
-
Sample
230801-r2lwtsgd85
-
MD5
95bf82bd5494bc133551400bebce98ff
-
SHA1
1b67264fd20689dfbe709ec9c38c39ef2a4592ab
-
SHA256
a185092d5e7b034583ad09ad4e0487d1c1b98be6bd62675435b05cf319e1e91e
-
SHA512
43344e37553f9a7aceb007b92589e70224298c82541399323b3b1c09bd33f1039fa703bbc1c05ad5e0b227274f7ec7abc826e875759ffb37322b2dcfc8448c77
-
SSDEEP
98304:M4U3zP091M3II17zlcXHqNxKPSepsYk5qGHsEBkSFBsb2Pw6Ie:M4gMM3IxXmsfk5qSsEVsSPw6X
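The digests above are the identifiers an analyst uses to confirm that a file pulled from a host or a download cache is the same sample this report describes. The following script is an added example, not part of the Triage report: it streams a file through MD5, SHA1, SHA256 and SHA512 in one pass, compares the results with the values published in this General section, and includes a small MZ/PE header check of the kind the "Downloads MZ/PE file" signature implies. SSDEEP is deliberately left out: it needs the `ssdeep` module (assumed not installed) and a fuzzy-hash result is a similarity score, not an identity match. The file path and the `verify_sample.py` name are assumptions.

```python
"""Verify a file against the digests published in the report's General section.

Added example (not Triage's code). Only hashlib from the standard library is
used, so it runs offline on any platform.
"""
import hashlib
import sys
from pathlib import Path

# Digests copied from the "General" section of the report above.
REPORT_DIGESTS = {
    "md5": "95bf82bd5494bc133551400bebce98ff",
    "sha1": "1b67264fd20689dfbe709ec9c38c39ef2a4592ab",
    "sha256": "a185092d5e7b034583ad09ad4e0487d1c1b98be6bd62675435b05cf319e1e91e",
    "sha512": "43344e37553f9a7aceb007b92589e70224298c82541399323b3b1c09bd33f1039fa703bbc1c05ad5e0b227274f7ec7abc826e875759ffb37322b2dcfc8448c77",
}


def digest_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects at once.

    Reading in 1 MiB chunks keeps memory flat for multi-megabyte samples
    (this one is 4.5 MB) and avoids hashing a truncated read.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_with_report(computed: dict, expected: dict = REPORT_DIGESTS) -> dict:
    """Return {algorithm: bool}; hex digests are compared case-insensitively."""
    return {name: computed[name].lower() == expected[name].lower() for name in expected}


def is_pe(data: bytes) -> bool:
    """True if data carries an 'MZ' DOS header and a 'PE\\0\\0' signature at e_lfanew.

    This is the minimal structural test behind a "downloads MZ/PE file" style
    signature; it does not validate the rest of the PE layout.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file>   (file name is an assumption)
    if len(sys.argv) != 2:
        print("usage: verify_sample.py <file>")
        sys.exit(2)
    target = Path(sys.argv[1])
    computed = digest_file(target)
    matches = compare_with_report(computed)
    for name, ok in matches.items():
        print(f"{name:6s} {computed[name]}  {'MATCH' if ok else 'differs'}")
    with open(target, "rb") as fh:
        print("MZ/PE header:", is_pe(fh.read(4096)))
    sys.exit(0 if all(matches.values()) else 1)
```

If any one digest differs while the others match, treat the file as a different artefact rather than a near-miss; a single-bit change alters every cryptographic digest, and only the SSDEEP value would tell you how close the two files are.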
Static task
static1
Behavioral task
behavioral1
Sample
PowerISO8-x64.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
PowerISO8-x64.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
-
Target
PowerISO8-x64.exe (size and hashes as listed under General above)
Score 10/10
Cobalt Strike reflective loader
Detects the reflective loader used by Cobalt Strike.
-
CoreEntity .NET Packer
A .NET packer, CoreEntity, that embeds its payload as a Bitmap object which is decrypted at runtime.
-
Creates new service(s)
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Privilege Escalation
Create or Modify System Process (1)
Windows Service (1)
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
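The signatures and the matrix above are the output of rules run over the sandbox's API trace: a registry write to a Run key becomes "Adds Run key to start application" and is filed under Registry Run Keys / Startup Folder, a CreateService call becomes "Creates new service(s)" under Windows Service, and both techniques appear under Persistence and Privilege Escalation. The following is an added example of that kind of rule set, not Triage's own detection logic. The event trace is constructed to resemble a sandbox API log (the API names, field names and paths are assumptions, not data from this report), and the technique IDs T1547.001 and T1543.003 are the ATT&CK identifiers of the two sub-techniques named in the matrix; the two signatures the matrix does not map to a technique are tallied but left unmapped.

```python
"""Tally sandbox behaviour events into signature hits and an ATT&CK-style matrix.

Added example (not Triage's code). The event records and the rules are
simplified stand-ins for a real sandbox's API trace and signature engine.
"""
import re
from collections import defaultdict

# Registry autostart locations checked by the Run-key rule (HKLM and HKCU alike).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.I)

# signature name -> (technique id, technique name, tactics it is filed under)
# IDs are the ATT&CK sub-technique identifiers for the names used in the matrix.
# Signatures the matrix leaves unmapped carry None.
SIGNATURES = {
    "Adds Run key to start application": (
        "T1547.001", "Registry Run Keys / Startup Folder",
        ("Persistence", "Privilege Escalation")),
    "Creates new service(s)": (
        "T1543.003", "Windows Service",
        ("Persistence", "Privilege Escalation")),
    "Drops file in Drivers directory": (None, None, ()),
    "Downloads MZ/PE file": (None, None, ()),
}

# Constructed event trace (assumption: this is NOT from the report).
SAMPLE_EVENTS = [
    {"api": "RegSetValueExW",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "PowerISO", "data": r"C:\Users\Admin\AppData\Roaming\piso.exe"},
    {"api": "RegSetValueExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\ProgramData\upd.exe"},
    {"api": "RegSetValueExW",
     "key": r"HKEY_CURRENT_USER\Software\Classes\Local Settings",
     "value": "x", "data": "1"},                      # benign registry write
    {"api": "CreateServiceW", "name": "kmdrv",
     "path": r"C:\Windows\System32\drivers\kmdrv.sys"},
    {"api": "NtWriteFile", "path": r"C:\Windows\System32\drivers\kmdrv.sys"},
    {"api": "InternetReadFile", "url": "http://example.invalid/payload.bin",
     "data": b"MZ\x90\x00"},
    {"api": "NtWriteFile", "path": r"C:\Users\Admin\AppData\Local\Temp\log.txt"},
]


def classify(event: dict):
    """Return the signature name an event triggers, or None."""
    api = event.get("api", "")
    if api in ("RegSetValueExW", "RegSetValueExA") and RUN_KEY_RE.search(event.get("key", "")):
        return "Adds Run key to start application"
    if api in ("CreateServiceW", "CreateServiceA"):
        return "Creates new service(s)"
    if api in ("NtCreateFile", "NtWriteFile") and DRIVERS_DIR_RE.search(event.get("path", "")):
        return "Drops file in Drivers directory"
    # A download whose body starts with the DOS 'MZ' stub is flagged as a PE drop.
    if api == "InternetReadFile" and event.get("data", b"")[:2] == b"MZ":
        return "Downloads MZ/PE file"
    return None


def build_matrix(events):
    """Group events by signature and count mapped techniques per tactic.

    Returns (hits, matrix): hits maps signature name -> list of events;
    matrix maps tactic -> {"<id> <technique>": event count}.
    """
    hits = defaultdict(list)
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[sig].append(ev)
    matrix = defaultdict(lambda: defaultdict(int))
    for sig, evs in hits.items():
        tid, tname, tactics = SIGNATURES[sig]
        if tid is None:
            continue
        for tactic in tactics:
            matrix[tactic][f"{tid} {tname}"] += len(evs)
    return dict(hits), {t: dict(v) for t, v in matrix.items()}


if __name__ == "__main__":
    hits, matrix = build_matrix(SAMPLE_EVENTS)
    for sig, evs in hits.items():
        print(f"{sig}: {len(evs)} event(s)")
    for tactic, techniques in matrix.items():
        print(tactic)
        for name, count in techniques.items():
            print(f"  {name} ({count})")
```

The trace is chosen so that the tally comes out as two Run-key hits and one service creation, the same 2 and 1 the report's matrix shows; in a real engine the number next to a technique is whatever that engine counts (signatures or events), so read the matrix as "which persistence paths were exercised" rather than as a measure of how many artefacts to expect on a host.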