General
Target: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b
Size: 272KB
Sample: 221204-ln55nabg6t
MD5: fd39caeeaeedfc6fbeb24a1486f5d58b
SHA1: 8e741953da8e772a197b74d4e6408683ef5448cb
SHA256: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b
SHA512: c7955b87034989a6026b800123203c031a59e7abfd4d67f4c61ecbb01fe49401e2e600d5c3996cf4cd8ae29db2052c7d5c1b23c381667f8c16cb29cc627039d1
SSDEEP: 3072:14lQFnWjl4tYHv3iJHwxmOFuBsXpuN78UIaGWNBRyf9D2gss7jTHPkNZW9:9FnWR4tYPyN3WXpu1JIdWzRyfZ2/s9
Static task: static1
Behavioral task: behavioral1
  Sample: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
Target: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b
Size: 272KB
MD5: fd39caeeaeedfc6fbeb24a1486f5d58b
SHA1: 8e741953da8e772a197b74d4e6408683ef5448cb
SHA256: dd50ecfd845e8204cb8857f6d79d77cc5ddaf80848fd37ad747f603a525e3f1b
SHA512: c7955b87034989a6026b800123203c031a59e7abfd4d67f4c61ecbb01fe49401e2e600d5c3996cf4cd8ae29db2052c7d5c1b23c381667f8c16cb29cc627039d1
SSDEEP: 3072:14lQFnWjl4tYHv3iJHwxmOFuBsXpuN78UIaGWNBRyf9D2gss7jTHPkNZW9:9FnWR4tYPyN3WXpu1JIdWzRyfZ2/s9
Score: 10/10
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext