General
Target: 36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e
Size: 3.3MB
Sample: 211122-ngbnksach7
MD5: c5ea00ea5973347d54d66f12fb5ee242
SHA1: 9ce9fe05b746d949ac3095c7b8ed70a34948a0e5
SHA256: 36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e
SHA512: a6061f6d4b22f3e6561da3e2e27bbdf6e0e9ec812c2e584812d9e684c7e9dfb54c6454a8d818e65d82d89aa17e45d95a15e64e88e8ff33eab6fa284a68a1fe0f
Static task: static1
Behavioral task: behavioral1
  Sample: 36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: 36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e.exe
  Resource: win10-en-20211014
Malware Config
Extracted
Path: C:\phLK_HOW_TO_DECRYPT.txt
Family: hive
URLs:
http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/
http://hivecust6vhekztbqgdnkks64ucehqacge3dij3gyrrpdp57zoq3ooqd.onion/
Targets
Target: 36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e
Size: 3.3MB (MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- Modifies security service
- Clears Windows event logs
- Modifies boot configuration data using bcdedit