General
- Target: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- Size: 31.9MB
- Sample: 230330-vg1q2ade27
- MD5: 1b5a9cdfb1e2e5525ba77008aacfed3d
- SHA1: f5053f7b425d2019a254d4952814a752c2987302
- SHA256: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- SHA512: d1281dcaa794a85fa76163a0ec2b87a5745ceacd559c90f39ca5cd6b6f610e77839b3f9b3ff8866bc64ea104e975133222e8ca4966bbfa583f20466c8c1674b5
- SSDEEP: 786432:1HI5TJ/XpqhDctzm+deBbq2O879gNBCN3KHLlLYWCA16pNa5AlomnNCs7t8X:1o5TJ/5qhD4S++W2Ou9oBCN6HqWJ16pw
Static task: static1

Behavioral task: behavioral1
- Sample: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb.exe
- Resource: win7-20230220-en

Behavioral task: behavioral2
- Sample: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb.exe
- Resource: win10v2004-20230220-en
Malware Config

Targets
- Target: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- Size: 31.9MB
- MD5: 1b5a9cdfb1e2e5525ba77008aacfed3d
- SHA1: f5053f7b425d2019a254d4952814a752c2987302
- SHA256: 736cda5b2775ef1e9b3c1aca74c6bb2adfe737d001dcd935bcbe8ee62958ebbb
- SHA512: d1281dcaa794a85fa76163a0ec2b87a5745ceacd559c90f39ca5cd6b6f610e77839b3f9b3ff8866bc64ea104e975133222e8ca4966bbfa583f20466c8c1674b5
- SSDEEP: 786432:1HI5TJ/XpqhDctzm+deBbq2O879gNBCN3KHLlLYWCA16pNa5AlomnNCs7t8X:1o5TJ/5qhD4S++W2Ou9oBCN6HqWJ16pw
Score: 7/10

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger