General
-
Target
569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
-
Size
1.1MB
-
Sample
220725-cwj3qabahm
-
MD5
1c43dffd44c05547555743e916f36ce4
-
SHA1
9fe2dd0c1be8be46a171c7b0112803a4a7167bc6
-
SHA256
569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
-
SHA512
dbdd458483166596b06409a3ee83f202dc0971e28a76e2f7f534475ce81f68cd1bde53d8b008df10234b62556ba7e4f463f3cbe2b8bed26e8b679b2cf2392b1e
Malware Config
Targets
-
-
Target
569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
-
Size
1.1MB
-
MD5
1c43dffd44c05547555743e916f36ce4
-
SHA1
9fe2dd0c1be8be46a171c7b0112803a4a7167bc6
-
SHA256
569816604b393f8bed83bd1bcb717f9a16c6b576b4a253b01409751444c57770
-
SHA512
dbdd458483166596b06409a3ee83f202dc0971e28a76e2f7f534475ce81f68cd1bde53d8b008df10234b62556ba7e4f463f3cbe2b8bed26e8b679b2cf2392b1e
Score10/10-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
Stops running service(s)
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-