General
-
Target
b3d47cda8a8e0dbbb4db970f75d6c29a34d03037bcba7c07622ef84e7eca3bf1
-
Size
4.6MB
-
Sample
221125-kfrrmahc9z
-
MD5
482583be2d17b24c0c065c361d6d454c
-
SHA1
958c9021cbc65261127393179ded8ba1eed5c414
-
SHA256
b3d47cda8a8e0dbbb4db970f75d6c29a34d03037bcba7c07622ef84e7eca3bf1
-
SHA512
32347411e73589d29d957c2f2b36c8baa0f1b53c168cba34e7b17ffe2826b4307d145fcf1dec61e16b41023fe3ee4dd4e5007aec729b2b673f204ff6cc1f73c3
-
SSDEEP
98304:eLtkZmzpySeQlbyuvoBYU8XlpTmCoFyCMPYT+HrB:eLygV8NieYrX3mCoFl6MkB
Static task
static1
Behavioral task
behavioral1
Sample
b3d47cda8a8e0dbbb4db970f75d6c29a34d03037bcba7c07622ef84e7eca3bf1.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
b3d47cda8a8e0dbbb4db970f75d6c29a34d03037bcba7c07622ef84e7eca3bf1
-
Size
4.6MB
-
MD5
482583be2d17b24c0c065c361d6d454c
-
SHA1
958c9021cbc65261127393179ded8ba1eed5c414
-
SHA256
b3d47cda8a8e0dbbb4db970f75d6c29a34d03037bcba7c07622ef84e7eca3bf1
-
SHA512
32347411e73589d29d957c2f2b36c8baa0f1b53c168cba34e7b17ffe2826b4307d145fcf1dec61e16b41023fe3ee4dd4e5007aec729b2b673f204ff6cc1f73c3
-
SSDEEP
98304:eLtkZmzpySeQlbyuvoBYU8XlpTmCoFyCMPYT+HrB:eLygV8NieYrX3mCoFl6MkB
-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Drops Chrome extension
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-