General
-
Target
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e
-
Size
776KB
-
Sample
220524-enhk2aaegr
-
MD5
b2e23633d145bdc6453589612b791ce5
-
SHA1
7da640e6971e83f92a06dd3e5078d8606e884c41
-
SHA256
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e
-
SHA512
953c4d7996b1eaa06944695233f75c0e543e0ff22af3cb74348fc669f8f81ad494cbd0a16a3ea5ea08b91b4329480faa05e153f7768092c38c6f306298946057
Static task
static1
Behavioral task
behavioral1
Sample
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e
-
Size
776KB
-
MD5
b2e23633d145bdc6453589612b791ce5
-
SHA1
7da640e6971e83f92a06dd3e5078d8606e884c41
-
SHA256
00e118db4ae235e77f92c2b1ffa59a0ea0170d51475134f87fb238cdffa6186e
-
SHA512
953c4d7996b1eaa06944695233f75c0e543e0ff22af3cb74348fc669f8f81ad494cbd0a16a3ea5ea08b91b4329480faa05e153f7768092c38c6f306298946057
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-