General
-
Target
5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526
-
Size
2.8MB
-
Sample
220725-eaj7psdecl
-
MD5
5258c6b0da9f2e14626882430b0e93fb
-
SHA1
13e5a003ae1bad501cfe747e142aa09c2069126f
-
SHA256
5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526
-
SHA512
a2257069b036a5ef9b084f9a58d565a5b4e577fe170a5fdf98f7fbfe158af86b4ecad3569c8b7b423fd646e7dfcaf9ef77dba44ad987653bec12913abf03661f
Malware Config
Targets
-
-
Target
5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526
-
Size
2.8MB
-
MD5
5258c6b0da9f2e14626882430b0e93fb
-
SHA1
13e5a003ae1bad501cfe747e142aa09c2069126f
-
SHA256
5660b555743a8b474992340e7e1e5c2baac9660da8a26c147bc2461bb1763526
-
SHA512
a2257069b036a5ef9b084f9a58d565a5b4e577fe170a5fdf98f7fbfe158af86b4ecad3569c8b7b423fd646e7dfcaf9ef77dba44ad987653bec12913abf03661f
Score10/10-
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets file execution options in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-