General
Target: ID- 424603073 7722381475 .zip
Size: 1.1MB
Sample: 230302-zez4yaec6x
MD5: e911ce0d7de62c43dff7f7b8e726ec76
SHA1: 97fa020f34cc71bdc2f783b7c14cd44d2f1ac40e
SHA256: a07b612d85c1ce29a711d0ca0b08cd898556a104fbe7319864252631cb7f8342
SHA512: 4a8b3218ff949bde2958cfde994396f3affe79c1fb4df6118d5dc89702f684940f34848c1cf76fe2246b95be85f0dcf07ddd9a09c02908e2137d80e3a7acf4df
SSDEEP: 24576:udV/BCx8oouWmnUJKEfdsNWIxnzgTCi0j:uMxXouWlJKUdsNbCCi0j
Static task: static1

Behavioral task: behavioral1
Sample: Id-40340917 101603.exe
Resource: win7-20230220-es

Behavioral task: behavioral2
Sample: Id-40340917 101603.exe
Resource: win10v2004-20230220-es

Behavioral task: behavioral3
Sample: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1881911.exe
Resource: win7-20230220-es

Behavioral task: behavioral4
Sample: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1881911.exe
Resource: win10v2004-20230221-es
Malware Config

Targets

Target: Id-40340917 101603.exe
Size: 471.2MB
MD5: 5d03b9fdabd58ff54b9b336103a7c784
SHA1: 503c20c5f1f6eb82cbd09528a6c5721d57773f73
SHA256: af311e1519425d00402a15361e996408a304cb43c6785f6c047fe96cea47c80b
SHA512: 7e1bdbf0036fada169630e9b647b0bd4c5b576a1207715ce7b0e360721d4da490da5d74842565a7861c0576b897522f2d2b56552be9283d79e0813c7365a31ce
SSDEEP: 24576:1EuOaPhW+GpDl3ulAyjmJl72R5JtjPM+wBTpy:IkhksA7YNM+WTpy
Score: 7/10
Signatures:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.

Target: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~1881911
Size: 256KB
MD5: ca9438b7b82e98b3aa28456d5da39a7d
SHA1: 40fc217910f2648a8c2a0ba0a9b93739dacc5e4e
SHA256: 94684915ba15e5b938300705a2471ff145ea6436311718352b8a96859f0f149c
SHA512: d1ecd73c455d493b000cd65d939ca9ee3afd7797079a37a36438e298c113a4fa1373e4c5b59ff8e1210c5d39b104fc8048c99b806804aff7a04756f7ca43bedc
SSDEEP: 6144:SCfHrZae3GFqRQcMeh4WpywpjchNCPn5eb:SCfLZadcM24fRNme
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.