General
Target
8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
Size
1.7MB
Sample
220516-n2mlksadc9
MD5
cd39bf5cd8dcf1222df0d83f215815e8
SHA1
9f83113e68e74aa57085c3b4af1d06f0a665be0a
SHA256
8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830
SHA512
c0575ed94f6591b924d73e56ff4fc05857b12ee8b46aaceacb35b68b7edbf8521d634f408a133d1640d41e28586b8d722eea0e56b387c42134380c3aed27d076
Static task
static1
Behavioral task
behavioral1
Sample
8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
8c6eef98839661d07d146aef292a886e35b40c546b6af699a7ebc6e49481e830.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Score
9/10

Looks for VirtualBox Guest Additions in registry

Executes dropped EXE

Looks for VMWare Tools registry key

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.