General
-
Target
kaspersky4win202121.6.7.351en_33704.exe
-
Size
3.6MB
-
Sample
220520-qwbm8shbal
-
MD5
d22579c4d6f351c59ad338e69bda18ba
-
SHA1
7f2c6cfdbb9b536d9bced67db491c293c153b470
-
SHA256
448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773
-
SHA512
c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7
Malware Config
Targets
-
-
Target
kaspersky4win202121.6.7.351en_33704.exe
-
Size
3.6MB
-
MD5
d22579c4d6f351c59ad338e69bda18ba
-
SHA1
7f2c6cfdbb9b536d9bced67db491c293c153b470
-
SHA256
448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773
-
SHA512
c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-