Static task
static1
Behavioral task
behavioral1
Sample
loader.ps1
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
loader.ps1
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
payload.dll
Resource
win7-20231025-en
Behavioral task
behavioral4
Sample
payload.dll
Resource
win10v2004-20231023-en
General
-
Target
payload.7z
-
Size
446KB
-
MD5
283429abecad1f226b5f52872e1737cc
-
SHA1
68c37d2582149c2aa2b047fdafdd181a6b9b59a4
-
SHA256
2e2f209e83993c1902094d2451b721e2e872bc8735d404211510a3c5786c7888
-
SHA512
c1488c38cabe6e8f8806755c4495c47ad046b2cdeefaebc8e7b1a9315790783b4affac0a5fb48db8b8cdbcb92f0e22d975d7a39fe3fdc3c79ffd6b6831c6cb54
-
SSDEEP
12288:8toRl62sANNuHfshb3hidpH7Q2/oT5fh1IDuBg0rObgtiVnR:+90+H7Q2Y320r0pVnR
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/payload.dll
Files
-
payload.7z.7z
Password: infected
-
loader.ps1.ps1
-
payload.dll.dll windows:4 windows x86 arch:x86
Password: infected
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 492KB - Virtual size: 491KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ