General
-
Target
051af930cb8f2ed93ec8783b9caf5e982734fd36bbd4dbefd56e8d28da4e8dd5
-
Size
226KB
-
Sample
220527-xl9wlshab6
-
MD5
7883bb44d00d5391cb8a34acb7da626c
-
SHA1
7c1ce5d10b531203b7b48b870d9b1a182be211a7
-
SHA256
051af930cb8f2ed93ec8783b9caf5e982734fd36bbd4dbefd56e8d28da4e8dd5
-
SHA512
657ec68fd8643a05d5d8c74b244a0c4cfb92dcdd2eef9d278a8836b0cf57faf14b6a5e1b4c183d3e806f66c9546b05a73745b3ce47adaa947f94260bff018e2f
Malware Config
Targets
-
-
Target
051af930cb8f2ed93ec8783b9caf5e982734fd36bbd4dbefd56e8d28da4e8dd5
-
Size
226KB
-
MD5
7883bb44d00d5391cb8a34acb7da626c
-
SHA1
7c1ce5d10b531203b7b48b870d9b1a182be211a7
-
SHA256
051af930cb8f2ed93ec8783b9caf5e982734fd36bbd4dbefd56e8d28da4e8dd5
-
SHA512
657ec68fd8643a05d5d8c74b244a0c4cfb92dcdd2eef9d278a8836b0cf57faf14b6a5e1b4c183d3e806f66c9546b05a73745b3ce47adaa947f94260bff018e2f
Score10/10-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-