General
-
Target
ebb8f7dc8b7b63a38b4c99064870b5d8da6305f9b8d426c8c8f8b3e1bb1423c7
-
Size
489KB
-
Sample
221126-2z8mxsfa9y
-
MD5
766f754a42ffe605d1bae4c10e254251
-
SHA1
7e83bd88fc0943a22268159df5dc7c87524eda86
-
SHA256
ebb8f7dc8b7b63a38b4c99064870b5d8da6305f9b8d426c8c8f8b3e1bb1423c7
-
SHA512
e4d2a974a037daea0a7bd2dde126797d555bd8bff3fb98c507aaa68cd79da8fb3765c2217dcd63bd277b9d2fe2c99c0ac6cda9061c2d50ee67d4396b3ed57413
-
SSDEEP
12288:6lwBx7EJ2ZRIsk3Z9TWNUimBlxm64NaiGaxVz0eSc:ow4J2TI9J9TWN+lxVRPaxVzjL
Static task
static1
Behavioral task
behavioral1
Sample
搜狗导航增值机.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
搜狗导航增值机.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
搜狗导航增值机.exe
-
Size
532KB
-
MD5
74c6e0df472160ebb8482729aaa1baee
-
SHA1
6e1634bb00213a7e557591c3d451baf56291e9de
-
SHA256
2da1a40d86c8dc33f6851b1614b522cd2ca2f54f7d5f3ccf8fa38908db9271f3
-
SHA512
05e403abe730dbc7079e3e3cce5d9e6a797542aaec81c917ed84445e324421c725dc208d1af286234e72241a725b0e89e0e224cdfc67d813861422516835d345
-
SSDEEP
12288:+K2mhAMJ/cPlizen8lwBx7EshSpwreE+/8gfxsdjY9NhEi7D:v2O/Gliquw4P5E+/8gfxsFAEo
Score8/10-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-