General
Target: TG.exe
Size: 89.8MB
Sample: 230331-2ye9zseb68
MD5: 088db1e8b0b750ca9c740f5631ad8520
SHA1: 61fdf8e84b0582a429c82cf4279f6ca3ff5ee943
SHA256: 30d3f83b6ff5065c299f5d4add937e5daba953c08cbcb8ffa828d364ea11f9ca
SHA512: 3380e24857c17a8e04fa8cb4af5a27e226e9695ce7d4bac361738d3be1a78ff38bf82384a0aab16fee8e7676dd07a96cb78dd43369427f018d16a593e5fedd39
SSDEEP: 1572864:Gqb9YtmOnSquYMpXPSwmsjnhIqUmptrvcMyUKzq5nchljMCiQBb:3bC0OSzYm6wmGIqUK0Zz/jWQBb
Static task: static1
Behavioral task: behavioral1
Sample: TG.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: TG.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: TG.exe
Score: 7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.