General
-
Target
401e7c5d4b7bd65b184cf3a3eff6e923381e2656e43322ca279844285f358c1c
-
Size
456KB
-
Sample
221011-dep33sbgc7
-
MD5
6d57aa2758da463892d1c8384ad5a330
-
SHA1
044e84b4785161beed594b52945c1384b03139e5
-
SHA256
401e7c5d4b7bd65b184cf3a3eff6e923381e2656e43322ca279844285f358c1c
-
SHA512
a11a75d09dcdd3ee8322e317cd29cc47fe1a43e877692afcf82918142586c42f35aefcf63d56a72bbc50d5a8822261853ae3276fb6e3d9aa832192f535ecdc1c
-
SSDEEP
12288:jEVXKpmokzif4JgTIoq43H2cE05nMx11DGkfb7i:jEtRLiAJgMe3H2cJCx1YOb7i
Malware Config
Targets
-
-
Target
401e7c5d4b7bd65b184cf3a3eff6e923381e2656e43322ca279844285f358c1c
-
Size
456KB
-
MD5
6d57aa2758da463892d1c8384ad5a330
-
SHA1
044e84b4785161beed594b52945c1384b03139e5
-
SHA256
401e7c5d4b7bd65b184cf3a3eff6e923381e2656e43322ca279844285f358c1c
-
SHA512
a11a75d09dcdd3ee8322e317cd29cc47fe1a43e877692afcf82918142586c42f35aefcf63d56a72bbc50d5a8822261853ae3276fb6e3d9aa832192f535ecdc1c
-
SSDEEP
12288:jEVXKpmokzif4JgTIoq43H2cE05nMx11DGkfb7i:jEtRLiAJgMe3H2cJCx1YOb7i
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-