General
-
Target
腾讯会议软件.ex$
-
Size
2.0MB
-
Sample
221204-qy7tfsde56
-
MD5
5b9e8345fab7397985cd60729797abc6
-
SHA1
21d8e0efd71f4f00e8138360e56e72dbf533890a
-
SHA256
aacf9aa69f796273438327be6d804d20837272b331eb3b7689b431148a07c88d
-
SHA512
c505609e8de8c29f78490833f34a355d41eb3a6057919aa7f23ab9ae7ac83cef3b64f0116bba0ca145dbb17b1c2c3b18546d31af2397b82260f4cf708a709f75
-
SSDEEP
49152:R/BU6vSPotkoQsbJhPI2q056dN216k4xIURegVMw:R/BU6vSPotPQsbJhPI2qexFJEegVMw
Static task
static1
Behavioral task
behavioral1
Sample
腾讯会议软件.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
腾讯会议软件.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
腾讯会议软件.ex$
-
Score
9/10
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-