General
Target: 8ee7726626f37d079e212a02fd5c2cb60085329de044b7c334596eb0e152d0c2
Size: 160KB
Sample: 221203-waqg6abe47
MD5: ca73767276aa325dfb65f2827d78bbda
SHA1: 2a50e86030cd67326c1d616446927996cc18316c
SHA256: 8ee7726626f37d079e212a02fd5c2cb60085329de044b7c334596eb0e152d0c2
SHA512: 15cd1fbd774d6fd87b1339e60aa385dd1634e4e172dc42eeba544c962c84af2f87272bd010e63bee16a97ff8d8b04b3c50105fc441e3cb2e281e7f52ad00b4b1
SSDEEP: 3072:iNlti5raoBFfnOUOKgYyUP/ljCd6TssGB2DM:irti5r9O17Yttjk6Tb82I
Static task: static1
Behavioral task: behavioral1
  Sample: 8ee7726626f37d079e212a02fd5c2cb60085329de044b7c334596eb0e152d0c2.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8ee7726626f37d079e212a02fd5c2cb60085329de044b7c334596eb0e152d0c2.exe
  Resource: win10v2004-20220812-en
Malware Config
Targets
Target: 8ee7726626f37d079e212a02fd5c2cb60085329de044b7c334596eb0e152d0c2
Score: 10/10
- Modifies firewall policy service
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext