General
-
Target
public.zip
-
Size
133KB
-
Sample
230331-wjcbwsde8t
-
MD5
5ec2c7864337423326b6676268144741
-
SHA1
8a47c63f3311025a21c77c7db63d7e86b0a5a5b6
-
SHA256
81afee9ed9a4c9fbff4027eecec036f0bfaf5a3a5c9f1d597c6d2b41593bcd54
-
SHA512
47e9eabcdefe55ba01df2a15868f82afbca86aeb89ac807a7c71af54286266e591093dc3dadd79136662cba1d85ab675a4f1bd22c112168024c05f5b7fd47729
-
SSDEEP
3072:pxzM/hCtgchO+U/LUBxphtB99vC7RGFgvzOzx166Ge:pGQtgcZ7uAMQLGe
Malware Config
Targets
-
-
Target
public.zip
-
Size
133KB
-
MD5
5ec2c7864337423326b6676268144741
-
SHA1
8a47c63f3311025a21c77c7db63d7e86b0a5a5b6
-
SHA256
81afee9ed9a4c9fbff4027eecec036f0bfaf5a3a5c9f1d597c6d2b41593bcd54
-
SHA512
47e9eabcdefe55ba01df2a15868f82afbca86aeb89ac807a7c71af54286266e591093dc3dadd79136662cba1d85ab675a4f1bd22c112168024c05f5b7fd47729
-
SSDEEP
3072:pxzM/hCtgchO+U/LUBxphtB99vC7RGFgvzOzx166Ge:pGQtgcZ7uAMQLGe
Score8/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-