General
-
Target
046f8f44ae20e5a73ca76bedb2e6312551cd0cce4dcc0b0a0bbdace5841804a3
-
Size
678KB
-
Sample
220527-zx3yjscfh6
-
MD5
392b0770b4ac6a8dc78c1b40087d8728
-
SHA1
915581c6583155ac47c2523a543439443baafc1a
-
SHA256
046f8f44ae20e5a73ca76bedb2e6312551cd0cce4dcc0b0a0bbdace5841804a3
-
SHA512
65644d524d943b028c4eac9ad528bc427b321d6418b1e4f4c996a3a765abe351ddecd7d81030dbd6c5a84b036fa048e0da18cad6ca71b51fe18e7419e2643e76
Malware Config
Targets
-
-
Target
046f8f44ae20e5a73ca76bedb2e6312551cd0cce4dcc0b0a0bbdace5841804a3
-
Size
678KB
-
MD5
392b0770b4ac6a8dc78c1b40087d8728
-
SHA1
915581c6583155ac47c2523a543439443baafc1a
-
SHA256
046f8f44ae20e5a73ca76bedb2e6312551cd0cce4dcc0b0a0bbdace5841804a3
-
SHA512
65644d524d943b028c4eac9ad528bc427b321d6418b1e4f4c996a3a765abe351ddecd7d81030dbd6c5a84b036fa048e0da18cad6ca71b51fe18e7419e2643e76
Score10/10-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-