General
-
Target
1505b06e2e339e42fb185cc0f7f7ed1dd21b891cf28231ee4ab215090173fd64
-
Size
456KB
-
Sample
221021-de79nahdam
-
MD5
65e5e17e41c2c00ac7389bf8b4263a35
-
SHA1
25a4335e7610066e4c8f84a8034eac1aa9960a5f
-
SHA256
1505b06e2e339e42fb185cc0f7f7ed1dd21b891cf28231ee4ab215090173fd64
-
SHA512
7a83ba5c391efab3a1b48cb68f98c5f97b393372471df73e7e7218b5beea5d739f8dc9eb20930a1c093c050b214b5ff4c9822612b151e61335349817b263cfdd
-
SSDEEP
12288:jEVXKpmokfif4JgTIoq43H2cE05nMx11DGkfb7i:jEtR3iAJgMe3H2cJCx1YOb7i
Malware Config
Targets
-
-
Target
1505b06e2e339e42fb185cc0f7f7ed1dd21b891cf28231ee4ab215090173fd64
-
Size
456KB
-
MD5
65e5e17e41c2c00ac7389bf8b4263a35
-
SHA1
25a4335e7610066e4c8f84a8034eac1aa9960a5f
-
SHA256
1505b06e2e339e42fb185cc0f7f7ed1dd21b891cf28231ee4ab215090173fd64
-
SHA512
7a83ba5c391efab3a1b48cb68f98c5f97b393372471df73e7e7218b5beea5d739f8dc9eb20930a1c093c050b214b5ff4c9822612b151e61335349817b263cfdd
-
SSDEEP
12288:jEVXKpmokfif4JgTIoq43H2cE05nMx11DGkfb7i:jEtR3iAJgMe3H2cJCx1YOb7i
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-