General
Target: 98b2aa7998aa474d3c4ea9e3e94321b8.bin
Size: 4.1MB
Sample: 230130-xtwc7abh53
MD5: 98b2aa7998aa474d3c4ea9e3e94321b8
SHA1: f746aaffab528fab35b16e45dc79977fc7b51b2a
SHA256: 571dbcce485937d404621dd8df8644911da53cb762f98ccd3d1a3388ef25ad64
SHA512: c53f28b2fe457f93a12441404c7c3b93b2b7dc98dc60d4e9d31b93f87f59c951729a152f703d53487184c22d7ca074b24d2098987e2d37e5380704abbcddd600
SSDEEP: 49152:Y01aXNTrvJAh35FmtfWfV9rgvkGy136MpbM2z6VaUOuFge56gKvUt/LlErQfC9Zi:c9nJgHm+qubM2zUajreHP+Ef+nUPX+GR
Static task: static1
Behavioral task: behavioral1
Sample: 98b2aa7998aa474d3c4ea9e3e94321b8.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: 98b2aa7998aa474d3c4ea9e3e94321b8.bin
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard
  Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2