General
-
Target
8b4479452fa254ff1d5169d4abe6cb15c8f7c3645c3286fd4970b801765eea42
-
Size
416KB
-
Sample
221003-cdyhdsbde7
-
MD5
71a8f619951da4972e31068243e78a53
-
SHA1
5d6626d44b1cd0e3aab331f93f06125f858faaae
-
SHA256
8b4479452fa254ff1d5169d4abe6cb15c8f7c3645c3286fd4970b801765eea42
-
SHA512
7f986456166fc4bf4facb88d677a9906a8b9293e7a0ba0e6d2a95e25c613139c242289459a128644205559a0c843d5f3f4c4775f7b23aabdff452655e3030552
-
SSDEEP
12288:wU1zmGwKrotZ5e16/URdOYOF5Vv8ZUljcolwPoc1HvJAE:rxwxQRyFzkocpRAE
Malware Config
Targets
-
-
Target
8b4479452fa254ff1d5169d4abe6cb15c8f7c3645c3286fd4970b801765eea42
-
Size
416KB
-
MD5
71a8f619951da4972e31068243e78a53
-
SHA1
5d6626d44b1cd0e3aab331f93f06125f858faaae
-
SHA256
8b4479452fa254ff1d5169d4abe6cb15c8f7c3645c3286fd4970b801765eea42
-
SHA512
7f986456166fc4bf4facb88d677a9906a8b9293e7a0ba0e6d2a95e25c613139c242289459a128644205559a0c843d5f3f4c4775f7b23aabdff452655e3030552
-
SSDEEP
12288:wU1zmGwKrotZ5e16/URdOYOF5Vv8ZUljcolwPoc1HvJAE:rxwxQRyFzkocpRAE
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Registers COM server for autorun
-
Sets DLL path for service in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-