General
-
Target
7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
-
Size
529KB
-
Sample
221003-cdzepadabj
-
MD5
71d0dbac0ac6b2d8742aad66901c4980
-
SHA1
b32db83b7b63b9859a009491c2da68339e9f16f2
-
SHA256
7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
-
SHA512
499fa0319ded479c21a78aaa031d0f2a8933ae716193fbb14e19213e991af15aeb087f836792b7eef877e594d83c8b3406046dac16b687f1e319e15906017e60
-
SSDEEP
12288:w7F+0hl+8BaEOtZ5W1UKzAfYOF5VUkjEfc8vy4hyU3D:IF+0e8TWecZjjp86az
Static task
static1
Behavioral task
behavioral1
Sample
7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
Target
7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
-
Score
9/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-