General
-
Target
68cf5832d4b74fcfa10bf18e120fd1f20969817e2c0671336f20569dd882385b
-
Size
2.6MB
-
Sample
221124-mpawksbh3z
-
MD5
372138948ec17d399fc82ef919ea65b3
-
SHA1
f4e1c87117fcc311f54dc33923728fea0c112842
-
SHA256
68cf5832d4b74fcfa10bf18e120fd1f20969817e2c0671336f20569dd882385b
-
SHA512
dedc989462ba73396c1a3ee88b2ece4583fd4363c7dd6a893781c5ef1af97bd34495ae8fd9889bfd82a4646a4d28e8fb95f24c9a338bb008d0dbc73d14cb266a
-
SSDEEP
49152:KlG4F99Cdb5sfelNY/KsZDOfIdDZ7TD11p8MXivSE744G+2/YbQKmYoidpXLRwmh:KlG4F9IdmfelNYJDOo17X1f8cGSNZlKZ
Static task
static1
Behavioral task
behavioral1
Sample
68cf5832d4b74fcfa10bf18e120fd1f20969817e2c0671336f20569dd882385b.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
68cf5832d4b74fcfa10bf18e120fd1f20969817e2c0671336f20569dd882385b
-
Size
2.6MB
-
MD5
372138948ec17d399fc82ef919ea65b3
-
SHA1
f4e1c87117fcc311f54dc33923728fea0c112842
-
SHA256
68cf5832d4b74fcfa10bf18e120fd1f20969817e2c0671336f20569dd882385b
-
SHA512
dedc989462ba73396c1a3ee88b2ece4583fd4363c7dd6a893781c5ef1af97bd34495ae8fd9889bfd82a4646a4d28e8fb95f24c9a338bb008d0dbc73d14cb266a
-
SSDEEP
49152:KlG4F99Cdb5sfelNY/KsZDOfIdDZ7TD11p8MXivSE744G+2/YbQKmYoidpXLRwmh:KlG4F9IdmfelNYJDOo17X1f8cGSNZlKZ
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-