General
-
Target
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae
-
Size
488KB
-
Sample
221128-nkk2esad54
-
MD5
d3d013aaa07c6217fda7a8a139c42b60
-
SHA1
c2255e187fc08109ee3da450bba1e176b7583384
-
SHA256
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae
-
SHA512
77b508f7b7504a15e2892bd956958d63ea81c601f923b23de89db0adbcac35b5bc5cd460592cb5c14ab8e122c3c60c49dfa08aeff39e6772a5de28f0651d4e69
-
SSDEEP
12288:M5GcFV5PDTOLQtJ+5tPD9HQdjFhkPcykVbI:MAELTOEtJWpwhmq
Static task
static1
Behavioral task
behavioral1
Sample
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae
-
Size
488KB
-
MD5
d3d013aaa07c6217fda7a8a139c42b60
-
SHA1
c2255e187fc08109ee3da450bba1e176b7583384
-
SHA256
d1049482df1d0d0cfe84f00eb710ab14009afb7a1d496ee664b7e24f312805ae
-
SHA512
77b508f7b7504a15e2892bd956958d63ea81c601f923b23de89db0adbcac35b5bc5cd460592cb5c14ab8e122c3c60c49dfa08aeff39e6772a5de28f0651d4e69
-
SSDEEP
12288:M5GcFV5PDTOLQtJ+5tPD9HQdjFhkPcykVbI:MAELTOEtJWpwhmq
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-