General

- Target: 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07
- Size: 2.6MB
- Sample: 220524-1me96sdabq
- MD5: f94711a2952c01ce9bcaf36817c2b0bc
- SHA1: f084c4650bc662f642859e580ec53d2f260dc8b4
- SHA256: 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07
- SHA512: 239aee19e7de6a952b0de7bea4783ad07a11cf8cf635647a7b132c071957fcfc5bd97a8c74bc400be7167a01e4fb37451a0d0c52de94eb9b7341ee62ffd0291d
Static task

- static1

Behavioral task

- behavioral1
  - Sample: 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
  - Resource: win7-20220414-en

Behavioral task

- behavioral2
  - Sample: 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07.exe
  - Resource: win10v2004-20220414-en
Malware Config

Targets

- Target: 5558da16990edbb980e38735a89f4fa649fc5fa67e66a99d96fd94c2c0c8ae07
- Score: 9/10

- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops Chrome extension
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext