General
Target: sample
Size: 4KB
Sample: 230331-we1tpacb87
MD5: 49f3a1d6a13354be7af0a1e34a051bbd
SHA1: b0fa3f021dbd37bf5fc737efae4746636eb25964
SHA256: cba6e26eb7209d748803660004c70b227848798900713fc043f7245b097be9ac
SHA512: 3a42902caa6cea859aa2189aeea3430208d7cf1b839231153b3aed8af67dd87ac22c28688d9d8f027d8662e1772965417dcda9086d7645b4302b3282dee9faa7
SSDEEP: 96:1j9jwIjYj5jDK/D5DMF+C89ZqXKHvpIkdNkrRB9PaQxJbGD:1j9jhjYj9K/Vo+nuaHvFdNkrv9ieJGD
Static task: static1
Behavioral task: behavioral1
Sample: sample.html
Resource: win10v2004-20230220-es
Malware Config
Targets
Target: sample
Score: 7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.