General
-
Target
be6a0c38db27a1c66132519bc9f99317e50a8edc8676307e53d8827e9f6abd5b
-
Size
2.8MB
-
Sample
230323-fjk12afe6s
-
MD5
3d5296fdc54537f00ad5c4d13413135f
-
SHA1
374021fc54737ec0b3aaac03803b35511f01584c
-
SHA256
be6a0c38db27a1c66132519bc9f99317e50a8edc8676307e53d8827e9f6abd5b
-
SHA512
d446ea63e6d3828fb7eb71d6940b638f632e58bd8909b72ce67927735cbd0b40eb3c877a030b473237ec8700ba41e981bbff320b62bc9b8a4c37cca083e768b3
-
SSDEEP
49152:vPgSCgaih1zKkD8zGqpZEDSF4wHF016k4xIUESmlwdib2c:vPgSCgaihRKkD8zGqpZEOF3uFJYGb2c
Static task
static1
Behavioral task
behavioral1
Sample
be6a0c38db27a1c66132519bc9f99317e50a8edc8676307e53d8827e9f6abd5b.exe
Resource
win7-20230220-en
Malware Config
Targets
-
Target
be6a0c38db27a1c66132519bc9f99317e50a8edc8676307e53d8827e9f6abd5b
-
Size
2.8MB
-
MD5
3d5296fdc54537f00ad5c4d13413135f
-
SHA1
374021fc54737ec0b3aaac03803b35511f01584c
-
SHA256
be6a0c38db27a1c66132519bc9f99317e50a8edc8676307e53d8827e9f6abd5b
-
SHA512
d446ea63e6d3828fb7eb71d6940b638f632e58bd8909b72ce67927735cbd0b40eb3c877a030b473237ec8700ba41e981bbff320b62bc9b8a4c37cca083e768b3
-
SSDEEP
49152:vPgSCgaih1zKkD8zGqpZEDSF4wHF016k4xIUESmlwdib2c:vPgSCgaihRKkD8zGqpZEOF3uFJYGb2c
-
Checks for common network interception software
Looks in the registry for tools such as Wireshark or Fiddler, which are commonly used to analyze network activity; a positive hit is typically used to abort or change behavior on an analyst's machine.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Sets file execution options in registry
-
Sets service image path in registry
-
ACProtect 1.3x - 1.4x DLL software
Detects a file packed with the ACProtect protector (a static signature on the file, not a behavior). Commercial packers are also used by legitimate software, so treat this as a hint that static analysis will need unpacking rather than as evidence of maliciousness on its own.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check so the sample only runs (or refuses to run) in particular regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system. On an affected host, the first sector of the boot disk should be compared against a known-good copy and restored before the machine is rebooted.
-
Drops file in System32 directory
-
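The behavioral signatures above are each a predicate over the sandbox's event stream (registry queries and writes, file writes, raw disk writes, process and image-load events). The following added example, which is not Triage's own signature engine or anything from this sample, re-implements the listed behavioral signatures as rules over a constructed event list in a hypothetical `(operation, path, detail)` format. The registry and file paths are the well-known locations each signature describes (for example `HKCU\Control Panel\International\Geo\Nation` for the country code, `...\Image File Execution Options` for IFEO, `\\.\PhysicalDrive0` at offset 0 for the MBR); the exact keys a real sandbox checks for Wireshark or Fiddler, the service and file names, and the CLSID are assumptions used for illustration. The static ACProtect packer match is out of scope here because it is a signature on the file bytes, not on behavior.

```python
import re

# Constructed sandbox-style events in a hypothetical (operation, path, detail)
# format. Names such as updsvc, stage2.exe and the CLSID are placeholders.
EVENTS = [
    ("reg_query", r"HKCU\Control Panel\International\Geo\Nation", ""),
    ("reg_query", r"HKLM\SOFTWARE\Wireshark", ""),          # assumed key
    ("reg_query", r"HKCU\SOFTWARE\Microsoft\Fiddler2", ""),  # assumed key
    ("reg_enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", ""),
    ("reg_set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe", "Debugger"),
    ("reg_set", r"HKLM\SYSTEM\CurrentControlSet\Services\updsvc", "ImagePath"),
    ("reg_set", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    ("reg_set", r"HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32", ""),
    ("file_write", r"C:\Windows\System32\drivers\updsvc.sys", ""),
    ("file_write", r"C:\Windows\System32\updsvc.dll", ""),
    ("file_write", r"C:\Users\Admin\AppData\Roaming\desktop.ini", ""),
    ("file_write", r"C:\Users\Admin\AppData\Local\Temp\stage2.exe", ""),
    ("net_recv", "http://example.invalid/stage2.bin", "MZ\x90\x00"),  # first bytes of the body
    ("process_create", r"C:\Users\Admin\AppData\Local\Temp\stage2.exe", ""),
    ("image_load", r"C:\Windows\System32\updsvc.dll", ""),
    ("file_query", r"D:\\"[:-1], ""),   # root path of a non-C: drive, i.e. "D:\"
    ("raw_write", r"\\.\PhysicalDrive0", "offset=0"),
]


def _any(events, ops, pattern, detail=None):
    """True if some event with an operation in `ops` has a path matching
    `pattern` (case-insensitive) and, if given, exactly this `detail`."""
    rx = re.compile(pattern, re.I)
    return any(
        rx.search(p) and (detail is None or d.lower() == detail.lower())
        for op, p, d in events if op in ops
    )


def _uses_dropped(events, op):
    """True if an `op` event references a path this sample wrote earlier."""
    dropped = {p.lower() for o, p, _ in events if o == "file_write"}
    return any(o == op and p.lower() in dropped for o, p, _ in events)


# Signature name -> predicate over the event list.
RULES = {
    "Checks for common network interception software":
        lambda ev: _any(ev, {"reg_query", "reg_enum"}, r"\\(wireshark|fiddler2?)(\\|$)"),
    "Downloads MZ/PE file":
        lambda ev: any(op == "net_recv" and d.startswith("MZ") for op, _, d in ev),
    "Drops file in Drivers directory":
        lambda ev: _any(ev, {"file_write"}, r"\\system32\\drivers\\"),
    "Sets file execution options in registry":
        lambda ev: _any(ev, {"reg_set"}, r"\\image file execution options\\"),
    "Sets service image path in registry":
        lambda ev: _any(ev, {"reg_set"}, r"\\currentcontrolset\\services\\", "ImagePath"),
    "Checks computer location settings":
        lambda ev: _any(ev, {"reg_query"}, r"\\international\\geo\\nation$"),
    "Executes dropped EXE":
        lambda ev: _uses_dropped(ev, "process_create"),
    "Loads dropped DLL":
        lambda ev: _uses_dropped(ev, "image_load"),
    "Registers COM server for autorun":
        lambda ev: _any(ev, {"reg_set"}, r"\\clsid\\\{[0-9a-f-]{36}\}\\(inproc|local)server32"),
    "Adds Run key to start application":
        lambda ev: _any(ev, {"reg_set"}, r"\\currentversion\\run$"),
    "Checks installed software on the system":
        lambda ev: _any(ev, {"reg_enum"}, r"\\currentversion\\uninstall$"),
    "Drops desktop.ini file(s)":
        lambda ev: _any(ev, {"file_write"}, r"\\desktop\.ini$"),
    "Enumerates connected drives":
        lambda ev: _any(ev, {"file_query"}, r"^[a-bd-z]:\\$"),
    "Writes to the Master Boot Record (MBR)":
        lambda ev: _any(ev, {"raw_write"}, r"^\\\\\.\\physicaldrive\d+$", "offset=0"),
    "Drops file in System32 directory":
        lambda ev: _any(ev, {"file_write"}, r"\\system32\\"),
}


def match_signatures(events):
    """Return the names of all signatures whose predicate fires on `events`."""
    return [name for name, rule in RULES.items() if rule(events)]


if __name__ == "__main__":
    for name in match_signatures(EVENTS):
        print(name)
```

The rules deliberately key on the *location* written or read rather than on the sample's file names, which is what makes them reusable across samples; the two "dropped" rules are the only ones that need state (the set of paths the sample itself created), which is why they are not plain path matches.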