General
-
Target
bb792b4efea109b74bfb7a366cf826d7a0999f34645008a4e486fc675ed0269e
-
Size
300KB
-
Sample
221203-gz1bbseg7w
-
MD5
ea709ba90ef5f70dae427ed0dc742bd3
-
SHA1
a3d2e899bd818e539d2465fefa900e3c86a22e18
-
SHA256
bb792b4efea109b74bfb7a366cf826d7a0999f34645008a4e486fc675ed0269e
-
SHA512
6ef7e6d5dd0117bdd8c537c8fe2e871d427aa61fc64ae86accbb9e732ef4502f0ff40d1c86d5802563e1e9c947b63f9fbc51654b9bb90235fa00bef5d2bb0351
-
SSDEEP
6144:Fyb3UDwSpUl3bK2/sFV21Vp2K2wZiwGWLHrnYDA4R:TTUl3zsFsD2K2wZiXOr7K
Malware Config
Targets
-
-
Target
bb792b4efea109b74bfb7a366cf826d7a0999f34645008a4e486fc675ed0269e
-
Size
300KB
-
MD5
ea709ba90ef5f70dae427ed0dc742bd3
-
SHA1
a3d2e899bd818e539d2465fefa900e3c86a22e18
-
SHA256
bb792b4efea109b74bfb7a366cf826d7a0999f34645008a4e486fc675ed0269e
-
SHA512
6ef7e6d5dd0117bdd8c537c8fe2e871d427aa61fc64ae86accbb9e732ef4502f0ff40d1c86d5802563e1e9c947b63f9fbc51654b9bb90235fa00bef5d2bb0351
-
SSDEEP
6144:Fyb3UDwSpUl3bK2/sFV21Vp2K2wZiwGWLHrnYDA4R:TTUl3zsFsD2K2wZiXOr7K
Score8/10-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-