General
-
Target
f1d29e0e7c7d68b79f40c192fd24fe3bdd0d128b228420ab5e2e940f64b39a29
-
Size
221KB
-
Sample
221204-dx3f5acc93
-
MD5
3ff6a11262b3f308706c41455ac8361a
-
SHA1
fcd062c08341b562022412c0a8662636ddd22f16
-
SHA256
f1d29e0e7c7d68b79f40c192fd24fe3bdd0d128b228420ab5e2e940f64b39a29
-
SHA512
e999503dc6e7a177155024a22fdd013b7f4e005f2a6b72ba11a69051315f207da220f693268a040053085aa6811ca3b133678c145014bdaa1b60c145143ac27b
-
SSDEEP
6144:a7OHpHzFMmJkMh98gWNlPTGQQm6agrdeNRkNIRR1:a7GzuhpNtTirdPuf
Malware Config
Targets
-
-
Target
f1d29e0e7c7d68b79f40c192fd24fe3bdd0d128b228420ab5e2e940f64b39a29
-
Size
221KB
-
MD5
3ff6a11262b3f308706c41455ac8361a
-
SHA1
fcd062c08341b562022412c0a8662636ddd22f16
-
SHA256
f1d29e0e7c7d68b79f40c192fd24fe3bdd0d128b228420ab5e2e940f64b39a29
-
SHA512
e999503dc6e7a177155024a22fdd013b7f4e005f2a6b72ba11a69051315f207da220f693268a040053085aa6811ca3b133678c145014bdaa1b60c145143ac27b
-
SSDEEP
6144:a7OHpHzFMmJkMh98gWNlPTGQQm6agrdeNRkNIRR1:a7GzuhpNtTirdPuf
Score8/10-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-