General
Target: vzlom-kamer-by-neit_wcEYk7hQ.exe
Size: 4.5MB
Sample: 230329-x57wcsbc7x
MD5: fe0f3853a9f25f71af7a13b313d8521b
SHA1: d868f1263393e0440605abe012e6a7626b12bca9
SHA256: b89f3ebe1ac94726b821a3c23464236586364d2756881a32bef853e7183739ab
SHA512: ea878fd94bee5aa1bc77e64fa6350e6ddcb2d88c32e341ab320701af1feefd424167a46f863c5d1c5226448fe8539f4c8f76e76b6ec49ee2674438ac0bea7a76
SSDEEP: 98304:nP4tWsF8pOX+Q9WZps5699OChBZ/MrbmY2NTeM6T/Mn:P4tWsFNX+9I61hBZ8bm9TW/Mn

Static task: static1
Behavioral task: behavioral1
Sample: vzlom-kamer-by-neit_wcEYk7hQ.exe
Resource: win7-20230220-en

Malware Config
Extracted: gcleaner
85.31.45.39
85.31.45.250
85.31.45.251
85.31.45.88
Targets
Target: vzlom-kamer-by-neit_wcEYk7hQ.exe (size and hashes as listed under General)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory