General
-
Target
d2a9bbe1709e8c702cbdbd43c5b10c8e53b0c3f28502434b31709252d16fb916
-
Size
5.2MB
-
Sample
221128-pb4b3sgd4t
-
MD5
bf1fc82319ddd8ab9bbc377fc28199f2
-
SHA1
dca9f652f863cbefcff52bc553253eed6a10bc4f
-
SHA256
d2a9bbe1709e8c702cbdbd43c5b10c8e53b0c3f28502434b31709252d16fb916
-
SHA512
3f3df014d3dba9c02432541130cf4cdd6cc39827e814e7c6dd18ebf25384b5ade45161275caa8de30bf502ca7fff9db1f61a2589a5cd726773e0f6f18e296ed0
-
SSDEEP
98304:7SpHDRc+ZwBJYPtJ83QTDmeC8UmgOev1emFGtv+GEvtVpWL:gcHBJY1J13dgOeYmaelVpc
Malware Config
Targets
-
-
Target
d2a9bbe1709e8c702cbdbd43c5b10c8e53b0c3f28502434b31709252d16fb916
-
Size
5.2MB
-
MD5
bf1fc82319ddd8ab9bbc377fc28199f2
-
SHA1
dca9f652f863cbefcff52bc553253eed6a10bc4f
-
SHA256
d2a9bbe1709e8c702cbdbd43c5b10c8e53b0c3f28502434b31709252d16fb916
-
SHA512
3f3df014d3dba9c02432541130cf4cdd6cc39827e814e7c6dd18ebf25384b5ade45161275caa8de30bf502ca7fff9db1f61a2589a5cd726773e0f6f18e296ed0
-
SSDEEP
98304:7SpHDRc+ZwBJYPtJ83QTDmeC8UmgOev1emFGtv+GEvtVpWL:gcHBJY1J13dgOeYmaelVpc
Score8/10-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Sets service image path in registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-