General
Target: Bell Schedules Website.pdf
Size: 734KB
Sample: 230331-3wkblaee62
MD5: 3176eae34d151ff3d00f5f68ad01ef19
SHA1: 2fdc90be5afb16f85f057dcb1689f5ad2d948dfd
SHA256: 76912a5ef9d612f18ac0053022aa41ee06bb8e920c1bc8a6335f5c366a5b76e2
SHA512: 743190339596ac865b80eee2f4f509c62a6441dc2734c31d31788aff6d82d8eb4c047a81c1a4b01f843cb2b23a2783e8e12c599e5c4c72ac013b609ef5e3a27e
SSDEEP: 12288:xqnceOMbrfZT/GaQJn+j3GLbPXVGwN+TLYWRmSZQUyWMycQbYXalS3CuLwQ0bMB2:9t4V0kWnPXVGK+TLNRnQplQb10IQip
Static task: static1
Behavioral task: behavioral1
Sample: Bell Schedules Website.pdf
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: Bell Schedules Website.pdf
Score: 7/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
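The signature names above are produced by the sandbox from the sample's runtime behaviour. The following is an added example, not the sandbox's own detection logic, showing how such behaviours can be derived from an API trace: it reads a constructed JSON-lines trace (the line format, the API names, the use of `HKCU\Control Panel\International\Geo\Nation` as the location lookup, and the short list of hosting domains are all assumptions made for this illustration) and maps each matching call to the corresponding signature, including correlating a file write with a later process launch of the same path for "Executes dropped EXE".

```python
"""Map a constructed sandbox API trace to the behaviour signatures listed above."""
from __future__ import annotations

import json
import re
from collections import defaultdict

# Constructed trace (not the sandbox's real format): one API call per line.
TRACE = r"""
{"pid": 4120, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"}}
{"pid": 4120, "api": "CreateFileW", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "access": "GENERIC_WRITE"}}
{"pid": 4120, "api": "WriteFile", "args": {"path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "size": 409600}}
{"pid": 4120, "api": "CreateProcessW", "args": {"image": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "child_pid": 5208}}
{"pid": 5208, "api": "RegSetValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "Updater", "data": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"}}
{"pid": 5208, "api": "InternetConnectW", "args": {"host": "cdn.discordapp.com", "port": 443}}
{"pid": 5208, "api": "CreateFileW", "args": {"path": "\\\\.\\PhysicalDrive0", "access": "GENERIC_WRITE"}}
{"pid": 5208, "api": "WriteFile", "args": {"path": "\\\\.\\PhysicalDrive0", "offset": 0, "size": 512}}
{"pid": 5208, "api": "CreateFileW", "args": {"path": "C:\\Windows\\System32\\drvhost.dll", "access": "GENERIC_WRITE"}}
"""

# Registry key holding the configured country code (assumption for this example).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
# Autostart keys: Run and RunOnce under HKCU or HKLM.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
# Raw physical-disk device; a write at offset 0 covers the 512-byte MBR.
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
# Constructed list of legitimate hosting services seen abused for payload hosting/C2.
HOSTING_DOMAINS = {"cdn.discordapp.com", "github.com", "raw.githubusercontent.com", "pastebin.com"}


def classify(trace_text: str) -> dict[str, list[str]]:
    """Return {signature name: [evidence, ...]} for every signature the trace triggers."""
    hits: dict[str, list[str]] = defaultdict(list)
    dropped: set[str] = set()  # paths written during the run, used to spot dropped-EXE execution
    for line in trace_text.strip().splitlines():
        ev = json.loads(line)
        api, a = ev["api"], ev["args"]
        if api == "RegQueryValueExW" and GEO_KEY.search(a["key"]) and a.get("value", "").lower() == "nation":
            hits["Checks computer location settings"].append(f'{a["key"]}\\{a["value"]}')
        elif api == "WriteFile":
            path = a["path"]
            if RAW_DISK.match(path) and a.get("offset", -1) == 0:
                hits["Writes to the Master Boot Record (MBR)"].append(path)
            else:
                dropped.add(path.lower())
        elif api == "CreateFileW" and "GENERIC_WRITE" in a.get("access", ""):
            if SYSTEM32.match(a["path"]):
                hits["Drops file in System32 directory"].append(a["path"])
        elif api == "CreateProcessW" and a["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(a["image"])
        elif api == "RegSetValueExW" and RUN_KEY.search(a["key"]):
            hits["Adds Run key to start application"].append(f'{a["key"]}\\{a["value"]} = {a["data"]}')
        elif api == "InternetConnectW" and a["host"].lower() in HOSTING_DOMAINS:
            hits["Legitimate hosting services abused for malware hosting/C2"].append(a["host"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The ordering of calls matters for the dropped-EXE rule: the `WriteFile` must precede the `CreateProcessW` on the same path, which is why the trace is processed in sequence rather than as a bag of events. A process launch of a path that was never written in the run (for example a stock `notepad.exe`) does not count as executing a dropped file.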