General
-
Target
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8
-
Size
602KB
-
Sample
220215-nyxblsfgcn
-
MD5
3acdcdee17825753cacc8dfd414e57d3
-
SHA1
269fcb1ae5794190e1cecdf96b1eaa41188dc2a6
-
SHA256
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8
-
SHA512
ab700397a9925958914a82d8e02dbbe6e1981980e44dbd982fed3f3d443f6610313e59810e0297ca27542e7b686c9a4340ef8fdb6ec9d24ff5e8437aa4cccd69
Static task
static1
Behavioral task
behavioral1
Sample
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8.exe
Resource
win7-en-20211208
Malware Config
Targets
-
-
Target
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8
-
Size
602KB
-
MD5
3acdcdee17825753cacc8dfd414e57d3
-
SHA1
269fcb1ae5794190e1cecdf96b1eaa41188dc2a6
-
SHA256
82bb1809904786afc0c13abec22a48b320581ec913bf5bbdddd02fce05ef77e8
-
SHA512
ab700397a9925958914a82d8e02dbbe6e1981980e44dbd982fed3f3d443f6610313e59810e0297ca27542e7b686c9a4340ef8fdb6ec9d24ff5e8437aa4cccd69
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Modifies firewall policy service
-
Modifies security service
-
Modifies system executable filetype association
-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry
-
Possible privilege escalation attempt
-
Registers new Print Monitor
-
Sets file execution options in registry
-
Modifies file permissions
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-