225e6f686c2fd1dd1c8dcde9d05ef701c42a0d333a8243ac7712edbba02a3d35 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

Play Roblox.lnk

windows7-x64

3

Play Roblox.lnk

windows10-2004-x64

9

Sharing

General

Target

Play Roblox.lnk
Size

1KB
Sample

230819-x265nadd3s
MD5

78e223542c671ab5460f74af32c5e5a3
SHA1

435a85bad3f4f934e11c17c7ecc6c16f70ef5e31
SHA256

225e6f686c2fd1dd1c8dcde9d05ef701c42a0d333a8243ac7712edbba02a3d35
SHA512

07dec8497f8d994e58d2739850a7ec0e0e221765c0f34ce385aca33d675ef16250d07ca5f86bf97bbadd9c58d57fada71be6c96609f1502cdc1b75e3a7ee1ab1

Score

9^/10

adware coreentity persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Play Roblox.lnk

Resource

win7-20230712-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral2

Sample

Play Roblox.lnk

Resource

win10v2004-20230703-en

adware coreentity persistence stealer

windows10-2004-x64

26 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Play Roblox.lnk
- Size
  
  1KB
- MD5
  
  78e223542c671ab5460f74af32c5e5a3
- SHA1
  
  435a85bad3f4f934e11c17c7ecc6c16f70ef5e31
- SHA256
  
  225e6f686c2fd1dd1c8dcde9d05ef701c42a0d333a8243ac7712edbba02a3d35
- SHA512
  
  07dec8497f8d994e58d2739850a7ec0e0e221765c0f34ce385aca33d675ef16250d07ca5f86bf97bbadd9c58d57fada71be6c96609f1502cdc1b75e3a7ee1ab1
Score

9^/10

adware coreentity persistence stealer
- CoreEntity .NET Packer
  A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
  coreentity
- Downloads MZ/PE file
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

adwarecoreentitypersistencestealer

© 2018-2024

Terms | Privacy