General

Target: FACT_MGY1.zip
Size: 235KB
Sample: 230330-qk2qaacg74
MD5: 986a4e73c25dbcd8fdb6ab3a0eabcc69
SHA1: 29e0325860532734ce9bf210636f42b1aedce10a
SHA256: 254a0dce7cfe5fb0d58821c965fa7e9a9ef9df0c4339a5d3689793c7343b4936
SHA512: a2e3d952dfe5e9d70ec8fba2133b45823ec0e470fe36915fd129d0f6e7f633aed90a4630aa43d5863d50a8667b16dc65083c834bb88304874677fa7fc8c39f28
SSDEEP: 6144:kk7jmfnAvMwVea9EMxfXzflE9Z121GntHRFFcMfYAxCkufpfi:kk7en8MSEuJm1jl/FcMgMCJg
Static task: static1
Behavioral task: behavioral1 (Sample: FACT_MGY1.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: FACT_MGY1.exe, Resource: win10v2004-20230220-en)
Behavioral task: behavioral3 (Sample: ~.exe, Resource: win7-20230220-en)
Malware Config
Targets

Target: FACT_MGY1.exe
Size: 526KB
MD5: f90662a63fcd773144ef809e09930b3f
SHA1: 5196017f8f8127398c4fd4a0424a0871f20b4c89
SHA256: 011c6518502cc9aec7dca14a808b1afa546233d528bd2ebf6485296e3dbd2541
SHA512: 4cc4c3551e61a5228623d69167abe27a511cce6188294b374e71069a3ac7ece0d077801cfce32a936d1583941b71ce3ec64e086d6eea3b9b98c5c18616a10364
SSDEEP: 3072:lV/611KEEbL6ETLPWkddkaW9N73oxiZOhAnGVRfN2Zndp9fN+3:IrKxTbfdkpIHVRf4nBfN+3
Score: 8/10

Signatures:
- Blocklisted process makes network request
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Target: ~
Size: 256KB
MD5: 56354f6191810e362bf2ae7b3f6e82b4
SHA1: 98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256: 95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
SHA512: fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
SSDEEP: 6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe

Signatures:
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
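The signature names in this report are coarse behaviour labels. As an added example (my own code, not the sandbox's signature engine and not code from the sample), the following Python script shows the kind of host-event matching that sits behind eight of them, run over constructed Sysmon-style records. The (event_type, target, detail) tuple format and every path in SAMPLE_EVENTS are assumptions made for the example; the registry locations in RULES are the standard Windows keys (the Run key, Services\<name>\ImagePath, Classes\CLSID\{...}\InprocServer32, the Uninstall key and Control Panel\International\Geo\Nation) and the raw device name \\.\PhysicalDrive0 used for a first-sector write. The network-request, downloaded-PE, AV-check and dropped-EXE/DLL signatures need process and network context rather than a path, so they are not modelled here.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events as (event_type, target, detail). These are
# illustrative records made up for this example, not output of the sandbox run.
SAMPLE_EVENTS = [
    ("RegistryValueSet",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\user\AppData\Roaming\~.exe"),
    ("RegistryValueSet",
     r"HKLM\SYSTEM\CurrentControlSet\Services\xyzdrv\ImagePath",
     r"\??\C:\Windows\System32\drivers\xyz.sys"),
    ("RegistryValueSet",
     r"HKCU\Software\Classes\CLSID\{01234567-89AB-CDEF-0123-456789ABCDEF}\InprocServer32\(Default)",
     r"C:\Users\user\AppData\Roaming\x.dll"),
    ("RegistryQuery", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall", ""),
    ("RegistryQuery", r"HKCU\Control Panel\International\Geo\Nation", ""),
    ("FileCreate", r"C:\Windows\System32\drivers\xyz.sys", ""),
    ("FileCreate", r"C:\Windows\System32\abc.dll", ""),
    ("RawDiskWrite", r"\\.\PhysicalDrive0", "offset=0 len=512"),
    ("FileCreate", r"C:\Users\user\Documents\notes.txt", ""),  # benign, must not match
]

# One rule per modelled signature: (signature, event_type, target_re, detail_re).
# Key paths are the standard Windows locations; detail_re is None when the
# target alone is decisive.
RULES = [
    ("Adds Run key to start application", "RegistryValueSet",
     re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I), None),
    ("Sets service image path in registry", "RegistryValueSet",
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\[^\\]+\\ImagePath$", re.I), None),
    ("Registers COM server for autorun", "RegistryValueSet",
     re.compile(r"\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]+\}\\InprocServer32", re.I), None),
    ("Checks installed software on the system", "RegistryQuery",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I), None),
    ("Checks computer location settings", "RegistryQuery",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I), None),
    ("Drops file in Drivers directory", "FileCreate",
     re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I), None),
    ("Drops file in System32 directory", "FileCreate",
     re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I), None),
    # A write to the first sector of a physical disk is the MBR; writes further
    # into the disk (other partitions, raw data) are deliberately not flagged.
    ("Writes to the Master Boot Record (MBR)", "RawDiskWrite",
     re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I), re.compile(r"\boffset=0\b")),
]


def classify(events):
    """Return {signature: [targets]} for every rule some event satisfies.

    An event may satisfy several rules: a file created under System32\drivers
    is reported under both the Drivers and the System32 signature, as the
    report above does.
    """
    hits = defaultdict(list)
    for etype, target, detail in events:
        for signature, rtype, target_re, detail_re in RULES:
            if etype != rtype or not target_re.search(target):
                continue
            if detail_re is not None and not detail_re.search(detail):
                continue
            hits[signature].append(target)
    return dict(hits)


def matched_signatures(events):
    """Sorted list of signature names that fired, for a quick summary."""
    return sorted(classify(events))


if __name__ == "__main__":
    for signature, targets in classify(SAMPLE_EVENTS).items():
        print(signature)
        for t in targets:
            print("    " + t)
```

The HKCU hits for the Run and CLSID rules are worth reading separately from the rest: both persist without administrative rights, whereas the ImagePath and drivers-directory hits require elevation and, with the PhysicalDrive write, are what the report's bootkit signature describes.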