General
-
Target
LoaderVIP.exe
-
Size
17KB
-
Sample
230106-hbd9maaa4y
-
MD5
ee614764de631d6971f6b813cd2fb21a
-
SHA1
671f3e145c99d6d488480ed7f46486999a86237c
-
SHA256
3b730e1fe7ce748cfa7411e9b81a1394493dbb03e7a682656fcb15960c80c1fe
-
SHA512
4cdf0e7ff2bae5a94d8adb6ce2c25cb5607bd530e30c9309e473887e276ba84dd74e5e9f30ea5cc733c9960a9ea1e7a28d34631954d9a870197935434a7e2489
-
SSDEEP
384:fRKJhlBszbEQuIXz0+WHvYO3LNFE33xhSHkON/GF:haKz0+WHAO3hFE33nSEONuF
Static task
static1
Behavioral task
behavioral1
Sample
LoaderVIP.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
LoaderVIP.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-