General
Target: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4
Size: 738KB
Sample: 220516-p469faccd9
MD5: 10827f112b36e0039e59db744ea38bed
SHA1: bb4853be41ef73f805194da5ddb67dbb30edd74f
SHA256: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4
SHA512: 28d812828dc3a9a952301ba3bcb956b190af956871f72ee37bd74f45b29f64c34a6914dbc7edf0441367eb1d73a59686e91e96a5a3673b2c847f3024f464fe33
Static task: static1
Behavioral task: behavioral1
Sample: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4
Size: 738KB
MD5: 10827f112b36e0039e59db744ea38bed
SHA1: bb4853be41ef73f805194da5ddb67dbb30edd74f
SHA256: 5613df6880c7fdbdb30f4aabe897e2d395f853499bbe564ddb6cd5530e1bdbf4
SHA512: 28d812828dc3a9a952301ba3bcb956b190af956871f72ee37bd74f45b29f64c34a6914dbc7edf0441367eb1d73a59686e91e96a5a3673b2c847f3024f464fe33
Score: 10/10
Signatures:
- Modifies firewall policy service
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system: the boot code in sector 0 runs before the OS loader, so a modified MBR executes before any OS-level security control can observe it, and it survives reinstalling the OS unless the disk is re-partitioned.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
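A practitioner-side check for the MBR-write signature above, added here as an example and not part of the sandbox report or its tooling: parse the 512-byte sector 0, validate the 0x55AA boot signature and partition table, and compare the boot-code region (bytes 0..439) against a trusted baseline hash. The baseline hash, the `make_mbr` helper and both sample sectors are constructed for the example; in practice the baseline comes from a known-clean image of the same machine and the sector is read from the raw disk device (for instance `\\.\PhysicalDrive0` on Windows as Administrator).

```python
"""Parse a 512-byte MBR and flag bootkit-style modification of the boot code.

Added example, not code from the sandbox report. Offline check: read sector 0
from the raw disk, then compare the boot-code region against a trusted
baseline hash taken from a known-clean image of the same machine.
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440        # 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 510        # bytes 510..511 must be 0x55 0xAA


@dataclass
class Partition:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code region only (bytes 0..439)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> list[str]:
    """Return findings; an empty list means the sector matches the baseline."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        return [f"unexpected sector length {len(mbr)}"]
    if mbr[BOOT_SIG_OFF:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    bootable = [p for p in parse_partitions(mbr) if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    # A bootkit replaces the boot code and chains to the original loader; the
    # partition table usually survives intact, so the hash covers only the
    # boot-code region, not the whole sector.
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from trusted baseline")
    return findings


def make_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code, one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x78\x56\x34\x12" + b"\x00\x00"          # signature + reserved
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)        # remaining 3 entries empty
    return code + disk_sig + table + b"\x55\xAA"


# Constructed "clean" sector: stand-in bytes for stock boot code, baseline taken from it.
CLEAN_MBR = make_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
BASELINE = boot_code_hash(CLEAN_MBR)
# Constructed "infected" sector: same partition table, boot code patched,
# mimicking an MBR bootkit that hooks the boot path before the OS loader.
INFECTED_MBR = make_mbr(b"\xEB\xFE" + b"\x90" * 20)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE) or "OK")
    print("infected:", check_mbr(INFECTED_MBR, BASELINE))
```

Hashing only bytes 0..439 is deliberate: the disk signature and partition table change legitimately (re-partitioning, Windows writing a new disk signature), and hashing the whole sector would turn every such change into a false positive while a bootkit that leaves the table intact still shows up as a boot-code mismatch.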