General
Target: 0cf0eb64c6fac3c08a47aa75a0263f46a226e81f02db8aa14298280ceb73f568
Size: 1.3MB
Sample: 220529-17ty3agaar
MD5: 7f94158af84fc598cc1bbf121dc7da8a
SHA1: 1438707bdb4e4945d25fcc6728bf8899dd94a0ca
SHA256: 0cf0eb64c6fac3c08a47aa75a0263f46a226e81f02db8aa14298280ceb73f568
SHA512: 4c0a154aebb43bb2d6bc2d8a9f231289c0cdcd5ec305739b40cfb8a06229baac43c4418b2afc35542f4e714c5c0c19e318cc77b80acbdb2ca020740c3ab06c37
Static task: static1
Behavioral task: behavioral1
Sample: 0cf0eb64c6fac3c08a47aa75a0263f46a226e81f02db8aa14298280ceb73f568.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: 0cf0eb64c6fac3c08a47aa75a0263f46a226e81f02db8aa14298280ceb73f568
Size: 1.3MB
MD5: 7f94158af84fc598cc1bbf121dc7da8a
SHA1: 1438707bdb4e4945d25fcc6728bf8899dd94a0ca
SHA256: 0cf0eb64c6fac3c08a47aa75a0263f46a226e81f02db8aa14298280ceb73f568
SHA512: 4c0a154aebb43bb2d6bc2d8a9f231289c0cdcd5ec305739b40cfb8a06229baac43c4418b2afc35542f4e714c5c0c19e318cc77b80acbdb2ca020740c3ab06c37
- suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Sets file execution options in registry
- Stops running service(s)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.