General
-
Target
9720e80096b681e230e8b0bde594d2e0990aa78b893206ffdd3ff6d82c2a0c68
-
Size
220KB
-
Sample
221130-mecbnabf79
-
MD5
ceffcf019051d7212728a5e634bacf25
-
SHA1
249dc43c431a0bb07fc6bb73312552c221168844
-
SHA256
9720e80096b681e230e8b0bde594d2e0990aa78b893206ffdd3ff6d82c2a0c68
-
SHA512
d30e5fb427922b8a7f80a7fe56ab08ac7964143b0d065e40f988249f054231798bd66d58cd4071cca353a7d51ec49babcf138afb88b0db676a12a0175358f5f4
-
SSDEEP
6144:ANd7t6fqsjN8kNPMwQuSrThkGoVf7tRoXSRNoQQQR:S7t6ysaaMwQuSfhkGoVf7roXSDoQQQR
Malware Config
Targets
-
-
Target
9720e80096b681e230e8b0bde594d2e0990aa78b893206ffdd3ff6d82c2a0c68
-
Size
220KB
-
MD5
ceffcf019051d7212728a5e634bacf25
-
SHA1
249dc43c431a0bb07fc6bb73312552c221168844
-
SHA256
9720e80096b681e230e8b0bde594d2e0990aa78b893206ffdd3ff6d82c2a0c68
-
SHA512
d30e5fb427922b8a7f80a7fe56ab08ac7964143b0d065e40f988249f054231798bd66d58cd4071cca353a7d51ec49babcf138afb88b0db676a12a0175358f5f4
-
SSDEEP
6144:ANd7t6fqsjN8kNPMwQuSrThkGoVf7tRoXSRNoQQQR:S7t6ysaaMwQuSfhkGoVf7roXSDoQQQR
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-