General
-
Target
b12c077a0b174ec520ee97ed50133a56c558d70824f6e575d98f3bfc70dc7990
-
Size
2.1MB
-
Sample
210509-gnkz9g3dzs
-
MD5
8cb056ad93b0008677ad173ee4cf56a8
-
SHA1
fc6d15dd797f57f986a38f7dfdd6022ff8cc3a8e
-
SHA256
b12c077a0b174ec520ee97ed50133a56c558d70824f6e575d98f3bfc70dc7990
-
SHA512
65c677c1d81f88e4bc632d63f6eaf0dde489005553aecb35662a710c5ae7d527356075d4cda7778e1cd4fd59368a82c72fa1d87693fdfd0aebb1ba0c8ee7f425
Malware Config
Targets
-
-
Target
b12c077a0b174ec520ee97ed50133a56c558d70824f6e575d98f3bfc70dc7990
-
Size
2.1MB
-
MD5
8cb056ad93b0008677ad173ee4cf56a8
-
SHA1
fc6d15dd797f57f986a38f7dfdd6022ff8cc3a8e
-
SHA256
b12c077a0b174ec520ee97ed50133a56c558d70824f6e575d98f3bfc70dc7990
-
SHA512
65c677c1d81f88e4bc632d63f6eaf0dde489005553aecb35662a710c5ae7d527356075d4cda7778e1cd4fd59368a82c72fa1d87693fdfd0aebb1ba0c8ee7f425
Score8/10-
Executes dropped EXE
-
Suspicious Office macro
Office document equipped with macros.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-