General
-
Target
Flvto Youtube Downloader 1.3.9.40.zip
-
Size
13.2MB
-
Sample
221003-qznrzahfc6
-
MD5
4620ee80ba7f6fe5d80d705113c4c01f
-
SHA1
508572eaab020bd9c726318506e6dfa65dc92efe
-
SHA256
f0a3dff2c1db13cec8e4ec0f87ef25f1f5c4058085a22456725716d40c07170f
-
SHA512
02fb7f523cc6294e6a4f9aad87241ce877cbe7fd64c5740baec6438036d58c6d0d5841a67bb28a9813f6deeabfc05aa9b2c3492acd095035a42bc6654644746c
-
SSDEEP
393216:vWNjnZgl3+KcC0GKJ8C0KKrj47Daw4993:+NjnZu3RD0GKwQ7Da/993
Static task
static1
Behavioral task
behavioral1
Sample
Flvto Youtube Downloader 1.3.9.40 [FileCR]/Crk/Flvto.Logic.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Flvto Youtube Downloader 1.3.9.40 [FileCR]/Crk/Flvto.Logic.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Flvto Youtube Downloader 1.3.9.40 [FileCR]/Flvto Youtube Downloader 1.3.9.40.exe
Resource
win7-20220901-en
Malware Config
Targets
-
-
Target
Flvto Youtube Downloader 1.3.9.40 [FileCR]/Crk/Flvto.Logic.dll
-
Size
47KB
-
MD5
620beec8545e4e77f552bc3d4c0f3375
-
SHA1
5bde994988f720837748f99d4e28069fac797c2e
-
SHA256
779ce2a3c17415361050604992c79fa09188305d1f63bcd26fe4f8fc3be5fb1f
-
SHA512
c607e28bc8aeb403f5840c9c6cd17d465d739cc2ed88a1e2a4f5cbb37f6408a3770a0ae0fd3406f4edddb675f2446cdbf8ad94254e9ba8c939bb219c60f1ca84
-
SSDEEP
768:ppskMk/8kcrvSva47sAeTniu7csPn553V29hpZu+eIdLgiM4bH5j8R4sPJnB/:HCnNjma47lannckBV21k+5dcIVj8R4sf
Score
1/10
-
-
Target
Flvto Youtube Downloader 1.3.9.40 [FileCR]/Flvto Youtube Downloader 1.3.9.40.exe
-
Size
13.2MB
-
MD5
345f5f888522011c0854b8ad837fef7c
-
SHA1
19414ea02fa39db028e149a0908830eca083d5c8
-
SHA256
e31dcaed8915e878b6a7f8c90decb2180cf6e128d7145d446cfe9c6c14ccb82b
-
SHA512
be723f36019750ebe48abc6e1a974273313f9466a135e474262027e737b33caa385e4b1bed45778f97fb6df697c89586a87183de19eb9d6b71e44099a9f3e7c7
-
SSDEEP
393216:eZEZpam/Y6ks8YyyMiuHxegYCzzWsaCcH9VL:e0amgjsef5HMzYWdBdVL
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-