General
Target: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
Size: 266KB
Sample: 220725-b6p62shham
MD5: 685a2cb5212c9a5b9208fb41fbc98ac7
SHA1: f6d3c90573427a3e68f744f8e0ebada395525e25
SHA256: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
SHA512: 33f8da6eb65810fe24611afef0f0e575e41e430645283bc59c69be0cd07ac3fafa3823ae468be0a98c40423e1baf851b2882f5c017bb879f30319b1bbdb6bf45
Static task: static1
Behavioral task: behavioral1
Sample: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422.exe
Resource: win7-20220718-en
Behavioral task: behavioral2
Sample: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422.exe
Resource: win10v2004-20220721-en
Malware Config
Targets
Target: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
Size: 266KB
MD5: 685a2cb5212c9a5b9208fb41fbc98ac7
SHA1: f6d3c90573427a3e68f744f8e0ebada395525e25
SHA256: 56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422
SHA512: 33f8da6eb65810fe24611afef0f0e575e41e430645283bc59c69be0cd07ac3fafa3823ae468be0a98c40423e1baf851b2882f5c017bb879f30319b1bbdb6bf45
Score: 10/10
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.