General
-
Target
fcd3b79189ae954788f278b34a1e1f206b7a4c72362a4b02c311541315bd6aa1
-
Size
1.2MB
-
Sample
230325-c38pnaag34
-
MD5
066e5525cf478886d629c794ce35e416
-
SHA1
ed3288d83f7a6d3a88f9014a9e8d2705e84a6ae8
-
SHA256
fcd3b79189ae954788f278b34a1e1f206b7a4c72362a4b02c311541315bd6aa1
-
SHA512
e8b5149d70a5c899ee7d5981a8ab50ae58d29620616a6407940871a62c9a356bb42b666e6820c21bf7d63383f46102f814b4c344278852e2c5314acce589e2be
-
SSDEEP
24576:FAOcZ1xr1CYXBqj7/swiKP2cct3K718voN8SWqoypcvdvj:vifBI7/tiKK3I1rhoIcvpj
Static task
static1
Behavioral task
behavioral1
Sample
fcd3b79189ae954788f278b34a1e1f206b7a4c72362a4b02c311541315bd6aa1.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
fcd3b79189ae954788f278b34a1e1f206b7a4c72362a4b02c311541315bd6aa1
-
Size
1.2MB
-
MD5
066e5525cf478886d629c794ce35e416
-
SHA1
ed3288d83f7a6d3a88f9014a9e8d2705e84a6ae8
-
SHA256
fcd3b79189ae954788f278b34a1e1f206b7a4c72362a4b02c311541315bd6aa1
-
SHA512
e8b5149d70a5c899ee7d5981a8ab50ae58d29620616a6407940871a62c9a356bb42b666e6820c21bf7d63383f46102f814b4c344278852e2c5314acce589e2be
-
SSDEEP
24576:FAOcZ1xr1CYXBqj7/swiKP2cct3K718voN8SWqoypcvdvj:vifBI7/tiKK3I1rhoIcvpj
-
Modifies firewall policy service
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-