General
-
Target
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba
-
Size
275KB
-
Sample
221123-zjr9wsga91
-
MD5
5555f3e8200401987138db18aee5e61e
-
SHA1
b5cfd44d1bcd437aa7dd0fc75cda1b5eadd19e46
-
SHA256
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba
-
SHA512
39701c9547075accec9d6930f5a30fca6c9501b46a7dfc9042754dfe8e55bb48c11b6b3ec2e3568920ba0332c8e570e490249c7409175df87c7026be8c97bfa5
-
SSDEEP
6144:RBKHYmz6mq2pmHmFV2YjnWuwqzeRhva/cfAO9EJgO:G4m5bpnL2KnEqCRhvaU4j
Behavioral task
behavioral1
Sample
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba
-
Size
275KB
-
MD5
5555f3e8200401987138db18aee5e61e
-
SHA1
b5cfd44d1bcd437aa7dd0fc75cda1b5eadd19e46
-
SHA256
dc8abab8b4ac78e63c9412d44f02f3dfbe055d4de4d2e2060451a649125673ba
-
SHA512
39701c9547075accec9d6930f5a30fca6c9501b46a7dfc9042754dfe8e55bb48c11b6b3ec2e3568920ba0332c8e570e490249c7409175df87c7026be8c97bfa5
-
SSDEEP
6144:RBKHYmz6mq2pmHmFV2YjnWuwqzeRhva/cfAO9EJgO:G4m5bpnL2KnEqCRhvaU4j
Score9/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-