General
Target: 5ea34b7e57eb2739364fff49d71fbc67212b27499895774cf93406c089333a1f
Size: 1.8MB
Sample: 221124-rs34raae35
MD5: f61bebd8595855ca793d49504a6e2279
SHA1: 0c587b33a558133029604088a9f7168d49dd2061
SHA256: 5ea34b7e57eb2739364fff49d71fbc67212b27499895774cf93406c089333a1f
SHA512: 2f22cf2e4ac51e114b13f2f93c3fd5fb784f19de0f4532b0f0c621fc03ed3cd5dc29ea259e4ae9edd683794989af1a3b259bfd710dfff77f78ec2c1e06a2c34c
SSDEEP: 49152:exNweeYjnVbRNz7XiN0RcXuXqUVOsDz109IFLgeRxA8q:eHJeYjzNviUcXuXXbdoIFkjT
Static task: static1
Behavioral task: behavioral1
  Sample: setup.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: setup.exe
  Resource: win10v2004-20220812-en
Behavioral task: behavioral3
  Sample: Ѫͳ1.1 .exe
  Resource: win7-20220901-en
Behavioral task: behavioral4
  Sample: Ѫͳ1.1 .exe
  Resource: win10v2004-20221111-en
Malware Config
Targets

Target: setup.exe
Size: 584KB
MD5: 5dd749927d1bfce97a8e766941decefa
SHA1: 2f14dfca70001ac41433eba2feaeb3dd99379ada
SHA256: 516fb75211c7bce16a5e0c625e25eebda7f2103ebece1473a7a45094cf79f12a
SHA512: 9a8ae0478664470f264479c84cccef46a0c59432599acff6d7fca0334a866beed03520414d2c4a0cc1a86afbb705715f307df3e50bc7917b23361ffa858c4050
SSDEEP: 12288:VbD1UDWNSVbJIwnPaBlPZ4SEha829ffi2Jx3h6wq6/c:V/1ULbJIwPOySEha/9ni2J18wq6/c
Score: 10/10
- Modifies system executable filetype association
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Registers COM server for autorun
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: Ѫͳ1.1 .exe
Size: 2.3MB
MD5: 7258d5fd3bab7e9802b93573819261eb
SHA1: 04beccacb05c553cb4debd377bc43403862e2b9a
SHA256: f96ae6955319db901b55aa276508d1ad6e5ac3fee50daf93993a2efff19104e2
SHA512: cd3f2e8da8e6f4b6270723075f9f2116b90fc5e5188ffa6aa4856b4cb5642a4d45f2370374c4c628f0dd0a17fce9aec3a23369d7232487ac62750725ed85a971
SSDEEP: 49152:5bNNjlTAj0pkfuxLkbXMU9bmk3cMjlG91Fyc:HN9Akkfue4O3BSF
Score: 5/10
- Suspicious use of NtSetInformationThreadHideFromDebugger