General
-
Target
92726c4466e1ba20483d806121f165053f9b340d3dc9631743a1a1dcf068986e
-
Size
184KB
-
Sample
221128-flpr1aga94
-
MD5
583f4ec3d1817f477b9a4127e4e301a8
-
SHA1
1e7fe1001f31a9dcbae9b1e7c57d805742f4d734
-
SHA256
92726c4466e1ba20483d806121f165053f9b340d3dc9631743a1a1dcf068986e
-
SHA512
27b8a69ec574a198a815d9cad1f993961e9746f9a43ee7422f1f714c5d48d46094527e3d832598d091f5fa0f50ef3e6140798f41e026d85a1d70294a78ff6d97
-
SSDEEP
3072:lZMJnTeM4cJJ445k4IL1/myDVcc4kbWsqfW9X25rplo6sOvuP4hc1HGr+M9477jy:TeTeM/04IL1eyDVcc4CdrmlopP4hc1H2
Static task
static1
Behavioral task
behavioral1
Sample
92726c4466e1ba20483d806121f165053f9b340d3dc9631743a1a1dcf068986e.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
92726c4466e1ba20483d806121f165053f9b340d3dc9631743a1a1dcf068986e.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
92726c4466e1ba20483d806121f165053f9b340d3dc9631743a1a1dcf068986e
Score
10/10
Detected phishing page
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-