General
- Target: 9a25741d25ecd7174b7235f5fc3b76ea2f8a27cc2ddf0ddf6d51b0d07470b175
- Size: 4.4MB
- Sample: 221125-ldws8sfh94
- MD5: 7aaacc5834a1b0d4b3d481df06b0aad0
- SHA1: cd2db92fcdf5ddd46cb8e58f27f2c8222c0f510b
- SHA256: 9a25741d25ecd7174b7235f5fc3b76ea2f8a27cc2ddf0ddf6d51b0d07470b175
- SHA512: 9264334331b439a820180e0f4d5e8edb3c1eb341cfd15b3e879490c546ba2bdade51e064f85b8532b7799533a512b04244d95d7cb07ad990431bba4e6eca53ac
- SSDEEP: 98304:1bkO1wmyi7s7B7MEYuU/coXBv/Z9S5CBU5QlPyRBRsvojcKoZ2r:1b1FQi5uU/coXFR9S5CBU4PABRsAnr

Static task: static1
Behavioral task: behavioral1
- Sample: 9a25741d25ecd7174b7235f5fc3b76ea2f8a27cc2ddf0ddf6d51b0d07470b175.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Drops Chrome extension
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext