General

Target: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe
Size: 479KB
Sample: 221203-h8n54aeh84
MD5: 4cfb9d0a6fddcf41d6b72feb74045f67
SHA1: 3b183e19739dad99673f0a00e9bb3d05bfa4f8c4
SHA256: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe
SHA512: ebafc6724ef6b1cce8a31f775362abbffb7bf49f6efaec5f6dc79fac25974a192df1c7ec762b4666352395d4785f37368fe09b49ef407c03efb651722a438f02
SSDEEP: 6144:2bNST1Pw/LEbmejC6vpq7uQoagJAcUF5nTtj7VJ/9QLkq7+l7d589zia+u2fjk/Y:t4zreDvQsjKd5p7VRzqSmO1YfLu33cW
Static task: static1

Behavioral task: behavioral1
  Sample: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe.exe
  Resource: win10v2004-20220812-en
Malware Config

Targets

Target: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe
Size: 479KB
SHA256: ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe
(MD5, SHA1, SHA512 and SSDEEP are identical to the values listed under General.)
Score: 8/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely to geofence execution. The value normally consulted for this is HKCU\Control Panel\International\Geo\Nation (what GetUserGeoID returns); the report itself does not name the key.
- Loads dropped DLL
- Adds Run key to start application: a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) makes the binary start at logon.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system. A disk that ran this sample should have its first sector compared against a known-good copy rather than trusted after an OS-level cleanup.
- Suspicious use of SetThreadContext: setting the context of another process's thread is a common step in process hollowing and similar injection; on its own this signature does not prove that injection took place.
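To act on the "Writes to the MBR" signature, the practical check is to read the first sector of the affected disk and diff it against a known-good copy: a bootkit typically replaces the boot code while leaving the disk signature and partition table intact, so a plain hash of the whole sector hides which part changed. The script below is an added example written for this page, not output of the sandbox or code from the sample; it parses a 512-byte MBR image into boot code, disk signature and partition table, and reports deviations from a baseline. The MBR images it runs on are constructed placeholders (the boot-code bytes are not from any real boot sector).

```python
"""Offline MBR integrity check: parse a 512-byte MBR image and diff it
against a known-good baseline, as you would after a sample flagged
'Writes to the MBR' ran on a host."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code
DISK_SIG_OFF = 440             # 4-byte disk signature
PART_TABLE_OFF = 446           # 4 x 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR image into boot code, disk signature and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    boot_code = mbr[:BOOT_CODE_LEN]
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]          # CHS fields in between are ignored
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:                                   # type 0 = unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": disk_sig,
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def mbr_findings(current: bytes, baseline: bytes) -> list:
    """Return human-readable deviations of `current` from `baseline`.
    An empty list means the first sector is unchanged."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing: sector corrupt or not an MBR")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed (bootkit-style overwrite)")
    if cur["disk_signature"] != base["disk_signature"]:
        findings.append("disk signature changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def build_mbr(boot_code: bytes, disk_sig: int, partitions: list,
              sig: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble a synthetic MBR image (constructed test data, not a real disk)."""
    img = bytearray(MBR_SIZE)
    img[:len(boot_code)] = boot_code
    struct.pack_into("<I", img, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        img[off] = status
        img[off + 4] = ptype
        struct.pack_into("<II", img, off + 8, lba, sectors)
    img[510:512] = sig
    return bytes(img)


# Constructed sample data: a Windows-style layout with one bootable NTFS
# partition starting at LBA 2048. Boot-code bytes are placeholders.
PARTITIONS = [(0x80, 0x07, 2048, 0x0010_0000)]
BASELINE_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100,
                         0x1234_5678, PARTITIONS)
# Same partition table and disk signature, different boot code: the shape
# of a bootkit overwrite (placeholder bytes, constructed).
TAMPERED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\xcc" * 200, 0x1234_5678, PARTITIONS)
# Boot signature zeroed: corruption rather than a stealthy patch.
CORRUPT_MBR = build_mbr(b"\x33\xc0", 0x1234_5678, PARTITIONS, sig=b"\x00\x00")


if __name__ == "__main__":
    for name, img in [("baseline", BASELINE_MBR), ("tampered", TAMPERED_MBR),
                      ("corrupt", CORRUPT_MBR)]:
        print(name, mbr_findings(img, BASELINE_MBR) or "no deviations")
```

On a live host the 512 bytes come from the raw device: `dd if=/dev/sda bs=512 count=1` on Linux, or reading `\\.\PhysicalDrive0` as Administrator on Windows; the baseline should be an image taken before infection or from an identically provisioned machine, since Windows-written boot code is itself consistent across installs of the same version but differs between versions.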
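The "Adds Run key to start application" signature maps directly onto Sysmon Event ID 13 (registry value set) telemetry. The hunt below is an added example for this page, not code from the sandbox or the sample: it parses blank-line-separated "Field: value" records in the style of Sysmon's text rendering, keeps only Run/RunOnce value writes, and raises the severity when the auto-start target or the writing process lives in a user-writable directory. The events, value names and paths are constructed (the `EventID:` field is added for convenience; Sysmon's text rendering does not carry it inline), and do not describe what this particular sample wrote.

```python
"""Hunt for Run-key persistence in Sysmon Event ID 13 records.
Sample events are constructed for illustration."""
import re
from typing import Optional

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce)\\",
    re.IGNORECASE)
# Directories a legitimate installer rarely uses for an auto-start binary.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|AppData\\Local|ProgramData|"
    r"Users\\Public|Windows\\Temp)\\",
    re.IGNORECASE)


def parse_sysmon_text(blob: str) -> list:
    """Parse blank-line separated 'Field: value' records into dicts."""
    events = []
    for chunk in re.split(r"\n\s*\n", blob.strip()):
        ev = {}
        for line in chunk.splitlines():
            if ":" in line:
                key, value = line.split(":", 1)   # paths contain ':' too, split once
                ev[key.strip()] = value.strip()
        if ev:
            events.append(ev)
    return events


def score_run_key_event(ev: dict) -> Optional[dict]:
    """Return a finding for a Run-key write, or None if the event is unrelated."""
    if ev.get("EventID") != "13":
        return None
    target = ev.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details, image = ev.get("Details", ""), ev.get("Image", "")
    reasons = ["run-key value set"]
    if USER_WRITABLE_RE.search(details):
        reasons.append("autostart target in user-writable directory")
    if USER_WRITABLE_RE.search(image):
        reasons.append("writer runs from user-writable directory")
    severity = {1: "low", 2: "medium"}.get(len(reasons), "high")
    return {"value_name": target.rsplit("\\", 1)[-1], "target": details,
            "image": image, "reasons": reasons, "severity": severity}


def hunt_run_keys(events: list) -> list:
    """Apply score_run_key_event to every event and keep the hits."""
    return [f for f in (score_run_key_event(ev) for ev in events) if f]


# Constructed sample telemetry (not taken from the report above).
SAMPLE_EVENTS = r"""
EventID: 1
UtcTime: 2022-12-03 10:12:30.001
Image: C:\Users\user\AppData\Local\Temp\ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe.exe

EventID: 13
UtcTime: 2022-12-03 10:12:31.120
EventType: SetValue
Image: C:\Program Files\Vendor\setup.exe
TargetObject: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray
Details: C:\Program Files\Vendor\tray.exe

EventID: 13
UtcTime: 2022-12-03 10:12:33.123
EventType: SetValue
Image: C:\Users\user\AppData\Local\Temp\ccf2417e0b8ebedbfdbb005c84ed93adcf1cd0abe9b3c0a37ae692d5ee3cc2fe.exe
TargetObject: HKU\S-1-5-21-1234567890-1234567890-1234567890-1001\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate
Details: C:\Users\user\AppData\Roaming\Microsoft\update.exe

EventID: 13
UtcTime: 2022-12-03 10:12:34.500
EventType: SetValue
Image: C:\Windows\System32\services.exe
TargetObject: HKLM\System\CurrentControlSet\Services\Foo\Start
Details: DWORD (0x00000002)
"""

if __name__ == "__main__":
    for hit in hunt_run_keys(parse_sysmon_text(SAMPLE_EVENTS)):
        print(hit["severity"].upper(), hit["value_name"], "->", hit["target"],
              "|", "; ".join(hit["reasons"]))
```

The per-user hive shows up as `HKU\<SID>\...` in Sysmon, so the pattern deliberately anchors on the `Software\Microsoft\Windows\CurrentVersion\Run` suffix rather than on `HKCU`; extend `USER_WRITABLE_RE` with any additional staging directories seen in your environment.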