General

Target: df2c30b656736db75a14747f344d78b6b176434ef09dc55ec0a074089bbdad02
Size: 978KB
Sample: 210511-kwgh8mlaxs
MD5: 4e7d0d586916391e3fc0db565ea914fb
SHA1: a318f2992a662c6798d65264e4dab218ba050051
SHA256: df2c30b656736db75a14747f344d78b6b176434ef09dc55ec0a074089bbdad02
SHA512: b48841516cfbeddde6cf3a58bc2784f704a39d34882dcec7a07ca0ed293856055405ec7aa088049747fe959899d91836e46d94029bd933fa09776a8e9aae7eff
Static task: static1

Behavioral task: behavioral1
Sample: df2c30b656736db75a14747f344d78b6b176434ef09dc55ec0a074089bbdad02.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: df2c30b656736db75a14747f344d78b6b176434ef09dc55ec0a074089bbdad02.exe
Resource: win10v20210410
Malware Config

Targets

Target: df2c30b656736db75a14747f344d78b6b176434ef09dc55ec0a074089bbdad02
Score: 10/10

- Suspicious use of NtCreateUserProcess (OtherParentProcess)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.