General
Target
2d45a7bbd4ab6bdf2fad3f4ccc8d6738d67bc354110899aea3120b68b5c9802c
Size
180KB
Sample
220919-qq99lsegal
MD5
ce0aec2eeb5cce63a98f2f5fe9b79c9a
SHA1
22ebbd56ae90bbf24df86873500ce5b8870b4163
SHA256
2d45a7bbd4ab6bdf2fad3f4ccc8d6738d67bc354110899aea3120b68b5c9802c
SHA512
2e45716bbc8ac0857c4704c883ade4184ea15691927822b96a17edff701e6c3b0f5552bf5617c682c7403989651afdac52483ec9e64029dbdbf2b40e989e720e
SSDEEP
3072:Smr/PoZlUVXUiZ+eOO/E4htASJ7B2geEJDC5JVt/rNlRm:S2/P4UVXU6+NoE47TB2FUDCnH/rNlg
Static task
static1
Behavioral task
behavioral1
Sample
2d45a7bbd4ab6bdf2fad3f4ccc8d6738d67bc354110899aea3120b68b5c9802c.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
2d45a7bbd4ab6bdf2fad3f4ccc8d6738d67bc354110899aea3120b68b5c9802c.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
2d45a7bbd4ab6bdf2fad3f4ccc8d6738d67bc354110899aea3120b68b5c9802c
Score
8/10
Blocklisted process makes network request
Sets DLL path for service in the registry
Deletes itself
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.