General
-
Target
ae0665acff6dbc3b259e9baef24d10094880f32e7a4e354741561fcb3a2ac989
-
Size
477KB
-
Sample
221123-s3slfach84
-
MD5
12ab1e4f289b90d9898768f9370f392c
-
SHA1
4940b25e32c4210b94dce806fba276272892a683
-
SHA256
ae0665acff6dbc3b259e9baef24d10094880f32e7a4e354741561fcb3a2ac989
-
SHA512
d2a973294823cb025c8f4c3813a7877779ff43d9ed3a90132daed949fa5dc124cae160201366f34977da013433af6febb45dc4758a47f54cc95452e1644214fd
-
SSDEEP
12288:FsvU983wtVMtkaMjY6r+kRkBb63vd1Mp8upU5ks4FW:FF2wAOt+w2Y1Mp8ul4
Static task
static1
Behavioral task
behavioral1
Sample
ae0665acff6dbc3b259e9baef24d10094880f32e7a4e354741561fcb3a2ac989.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ae0665acff6dbc3b259e9baef24d10094880f32e7a4e354741561fcb3a2ac989.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score 10/10
-
Modifies visibility of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-