General
-
Target
d8815043b72eecbd78ed4ef90e8ecdc9ade6efa3e651766f518fbfb3d2052548
-
Size
248KB
-
Sample
221205-21syvshh2y
-
MD5
3b9b5fe35a180aa899c816d6923c34f1
-
SHA1
593dd7676bd2fe8eada9d90560e3a1da8d25d8db
-
SHA256
d8815043b72eecbd78ed4ef90e8ecdc9ade6efa3e651766f518fbfb3d2052548
-
SHA512
2847b61cd1ea461481a08314d0eb3bc8aaa950789f05002d480040f72bba61a041f02343e3861389de66ca82cb0507b91a45a3a7e4b838b859d498288aab5b34
-
SSDEEP
6144:jNd7t6fqsjN8kNPMwQuSrThkGoVf7tRoXSRNoQQQRMi:r7t6ysaaMwQuSfhkGoVf7roXSDoQQQR
Malware Config
Targets
-
-
Target
d8815043b72eecbd78ed4ef90e8ecdc9ade6efa3e651766f518fbfb3d2052548
-
Size
248KB
-
MD5
3b9b5fe35a180aa899c816d6923c34f1
-
SHA1
593dd7676bd2fe8eada9d90560e3a1da8d25d8db
-
SHA256
d8815043b72eecbd78ed4ef90e8ecdc9ade6efa3e651766f518fbfb3d2052548
-
SHA512
2847b61cd1ea461481a08314d0eb3bc8aaa950789f05002d480040f72bba61a041f02343e3861389de66ca82cb0507b91a45a3a7e4b838b859d498288aab5b34
-
SSDEEP
6144:jNd7t6fqsjN8kNPMwQuSrThkGoVf7tRoXSRNoQQQRMi:r7t6ysaaMwQuSfhkGoVf7roXSDoQQQR
Score8/10-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-