General
-
Target
^@$+y231I952A~`l~.exe
-
Size
1005KB
-
Sample
221226-jyygfscf29
-
MD5
2e45d367ecf4d5260529a506b253dedd
-
SHA1
3447ed70d8169436886133e6175c3a2cb311de76
-
SHA256
2f64c68a1122956448cd90c9bcc5fe1f0b364bddd1c6cafacc3910369191cf11
-
SHA512
7c4a128ffe51501df3d564c29c9e0bbfe5c02d490025a36b6523b117902cc284a2b401895b18dfd96b7bb17a1a3235927a98f9daf85feb299684c30d553c135f
-
SSDEEP
24576:2EkFSxyvwP26wLMTQcU6vDYjr4xJYWaT8VkgD5nmVz1YK:2EkFSkvwP2PM80Ls8xsGZD5nmVz19
Malware Config
Targets
-
-
Target
^@$+y231I952A~`l~.exe
-
Size
1005KB
-
MD5
2e45d367ecf4d5260529a506b253dedd
-
SHA1
3447ed70d8169436886133e6175c3a2cb311de76
-
SHA256
2f64c68a1122956448cd90c9bcc5fe1f0b364bddd1c6cafacc3910369191cf11
-
SHA512
7c4a128ffe51501df3d564c29c9e0bbfe5c02d490025a36b6523b117902cc284a2b401895b18dfd96b7bb17a1a3235927a98f9daf85feb299684c30d553c135f
-
SSDEEP
24576:2EkFSxyvwP26wLMTQcU6vDYjr4xJYWaT8VkgD5nmVz1YK:2EkFSkvwP2PM80Ls8xsGZD5nmVz19
Score8/10-
VMProtect packed file
Detects executables packed with VMProtect commercial packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-