C0R568012T61695900[.]eml | Triage

Sharing

Copy URL Twitter E-mail

General

Target

C0R568012T61695900.eml
Size

1.2MB
MD5

c8db0b942d09a36f86f275c2f943bcee
SHA1

fea8d916e4b762fc70fcf6d12e50ff2bee272a2b
SHA256

06935e31411e26220cb93b9ea62bae8e483dc6529cf24c5c165caf278fee0265
SHA512

35211949dc80aac1fa61abde75b96707311300ea7ce77053a0b2a098c42b9ffb1cd9850429a14ec3433bf286fb35df219d24d7baf56d54c7b9dc009470d78d6b
SSDEEP

24576:Pulyoo44Ydlqs8iYiNEYaYrtEsnSfYOoOpFboFU:PuJTiisCEYAptp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PO-000172483.exe

Files

C0R568012T61695900.eml
.eml
- http://www.lappgroup.ae
- http://www.lappgroup.com/
- http://www.xn--elapp-gu3b.me.com
- https://lappmiddleeast.lappgroup.com/industries/industrial-communication/ethernet/single-pair-ethernet.html
PO-000172483.rar
.rar
PO-000172483.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WGR.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 884KB - Virtual size: 884KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt
image321046.png
.png
image650885.png
.png