General
-
Target
tmp
-
Size
12.0MB
-
Sample
220517-qsj57sfbcq
-
MD5
df6954981e91e7edac214fbacc452a96
-
SHA1
e826c4fd82563792315895b1fac558cbc75669d3
-
SHA256
4c197614f55315eb5832d46451e00b0157bffa76b6e1b2180104d2552448de8d
-
SHA512
c5168e2e77a93c37f29e0263672f24dc818a1d9f1d2b19064585ee30f2db489122b60c7bced2964b6b45358b68672f8589dc1cb9522e0d138c98ede787c48b89
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
tmp
-
Score
9/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-