General

Target: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4
Size: 392KB
Sample: 221020-1s7llsgbdj
MD5: 5c5208cf7e3c9a2709932932eb054010
SHA1: 2a956e9870aed81cd456f5ffe6533750455e5060
SHA256: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4
SHA512: 764b0cbeef1ce4ae3f8765d7ea7eba5b570c6b4338e58677d1351ea26ebad3a2c538ec345b6725162f0e98eb252a4aad47aba4f88464cba1ebda97badfdf39db
SSDEEP: 6144:q/fSAZL+95MNqWyzuna26X7xkvF3k+zxS3W34FZWrBIx:Ki6NqWAnp7xkvF3k+BMUk
Static task: static1

Behavioral task: behavioral1
Sample: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4.exe
Resource: win10v2004-20220812-en
Malware Config

Targets

Target: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4
Size: 392KB
MD5: 5c5208cf7e3c9a2709932932eb054010
SHA1: 2a956e9870aed81cd456f5ffe6533750455e5060
SHA256: 030ed4b2d8bbc62277448ae645304051d8925c612a8e4710aaee3e9e055024a4
SHA512: 764b0cbeef1ce4ae3f8765d7ea7eba5b570c6b4338e58677d1351ea26ebad3a2c538ec345b6725162f0e98eb252a4aad47aba4f88464cba1ebda97badfdf39db
SSDEEP: 6144:q/fSAZL+95MNqWyzuna26X7xkvF3k+zxS3W34FZWrBIx:Ki6NqWAnp7xkvF3k+BMUk
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Executes dropped EXE
- Modifies Windows Firewall
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system: the modified boot code runs before the OS and its security tooling load.
- Suspicious use of SetThreadContext
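The MBR-write signature above is the one worth verifying on a suspected host, because a tampered bootstrap survives reinstalling the dropped EXE and clearing the Run keys. The following is an added example, not part of this report and not tooling from the sandbox vendor: it parses a 512-byte MBR sector, hashes the 440-byte bootstrap region, decodes the partition table, and compares the bootstrap hash against a known-good baseline taken from a clean machine. The two sample sectors (CLEAN_MBR, TAMPERED_MBR), the bootstrap bytes inside them, and the disk signature 0xDEADBEEF are constructed for the demonstration; the `read_mbr` helper and the `\\.\PhysicalDrive0` path are what you would use on a live Windows host (requires Administrator) and are not exercised here.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440          # bytes 0..439: x86 bootstrap code (classic MBR layout)
DISK_SIG_OFFSET = 440        # 4-byte Windows disk signature
PART_TABLE_OFFSET = 446      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA" # bytes 510..511
PART_ENTRY = struct.Struct("<BBBBBBBBII")  # status, CHS start (3), type, CHS end (3), LBA start, sector count


def read_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw disk (Windows: needs Administrator)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of a 512-byte MBR into a plain dict."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba_start, count = PART_ENTRY.unpack_from(
            sector, PART_TABLE_OFFSET + i * PART_ENTRY.size)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; empty means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):  # only inactive/active are legal
            findings.append(f"invalid partition status 0x{p['status']:02x}")
    return findings


def build_sample_mbr(bootstrap_prefix: bytes) -> bytes:
    """Constructed test sector: given bootstrap bytes, one bootable NTFS partition."""
    bootstrap = (bootstrap_prefix + b"\x00" * BOOTSTRAP_LEN)[:BOOTSTRAP_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)      # constructed disk signature
    reserved = b"\x00\x00"
    entry = PART_ENTRY.pack(0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF, 2048, 204800)
    empty = b"\x00" * PART_ENTRY.size
    return bootstrap + disk_sig + reserved + entry + empty * 3 + BOOT_SIGNATURE


# Constructed sectors: CLEAN_MBR stands in for the stock boot code captured on a
# known-good host; TAMPERED_MBR has a different bootstrap but an identical partition table,
# which is exactly the case a bootkit write produces and a partition listing alone misses.
CLEAN_MBR = build_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C")
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE\x90\x90\x90\x90\x90\x90")
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootstrap_sha256"]

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE_SHA256) or "OK")
```

Take the baseline hash from a host built from the same image, not from the suspect machine, and keep the whole 512 bytes of a flagged sector for analysis: the dropped EXE and the MBR write belong to the same infection, so the bootstrap bytes are as much an indicator as the file hashes above.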