General

Target: FACT_RY65855PAT0.zip
Size: 1.6MB
Sample: 230331-y5dsysdb53
MD5: a4521647084440145b327fc74a5b7922
SHA1: ac66a8615c9dba87b048c3853487a6cc92eac067
SHA256: c3b6ff8f7c6b617152a1c42612d4de0dc179ea007bd83ef9ecf28b623798d734
SHA512: d3241d10501441d4e4f11a270e59882a971ff589e53b0f52617a197be32530c902f91ea813608875ccc8691f981e2337c0131413cc8dec34265403819e54be7a
SSDEEP: 49152:S/cvzKc9OLA1kFhayM4H9cAFi1u1aKAI3mQDV:SULP9H1kyylHziI17A8mQB
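The digests above, together with those of the two further targets listed below (FACT_RY65855PAT0.exe and the dropped file "~"), are the exact-match indicators this report provides. The following is an added example, not part of the sandbox report: it computes MD5, SHA-1, SHA-256 and SHA-512 of a file in one streaming pass and matches the result against the report's values. SSDEEP is deliberately left out, since it is a fuzzy hash that needs a third-party library. The helper names (multihash, hash_file, match_iocs, lookup) are this example's own, and the bytes hashed in the usage are constructed.

```python
"""Added example (not part of the sandbox report): compute MD5, SHA-1,
SHA-256 and SHA-512 of a file in a single streaming pass and match the
result against the hash values this report lists for its three targets.
SSDEEP is not covered; it needs a third-party library and is fuzzy rather
than exact. Helper names are this example's own choices."""
import hashlib
from typing import Dict, Iterable, List, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied verbatim from the report's Targets section.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "FACT_RY65855PAT0.zip": {
        "md5": "a4521647084440145b327fc74a5b7922",
        "sha1": "ac66a8615c9dba87b048c3853487a6cc92eac067",
        "sha256": "c3b6ff8f7c6b617152a1c42612d4de0dc179ea007bd83ef9ecf28b623798d734",
        "sha512": "d3241d10501441d4e4f11a270e59882a971ff589e53b0f52617a197be32530c902f91ea813608875ccc8691f981e2337c0131413cc8dec34265403819e54be7a",
    },
    "FACT_RY65855PAT0.exe": {
        "md5": "3d6b870b71fe64e9fab41314f4ff75cf",
        "sha1": "45e91fc8eb9cace7143d06a39166108b5531607a",
        "sha256": "1eeb7c8ef775f5bf2f0e19d3fccc2df475aadb65a039fbdc0593ed48d6ed24ae",
        "sha512": "d093533ca4ca8e82029ef47c4135e15c99494e25d9db3ce49d06fb89cce44ee934288e98b15561b95911522a3f1b5e49f23a853b68389e53caebd7c88194c5d9",
    },
    "~": {
        "md5": "56354f6191810e362bf2ae7b3f6e82b4",
        "sha1": "98260eb9dbec4ef777939937b4ca797ac336e3ff",
        "sha256": "95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11",
        "sha512": "fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30",
    },
}


def multihash(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hash objects so the data is read once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file in chunk_size pieces so large samples do not need to fit in memory."""
    with open(path, "rb") as f:
        return multihash(iter(lambda: f.read(chunk_size), b""))


def hash_bytes(data: bytes) -> Dict[str, str]:
    return multihash([data])


def match_iocs(digests: Dict[str, str], iocs=REPORT_IOCS) -> Dict[str, List[str]]:
    """Map each report target to the algorithms whose digest matched.
    A partial match (some algorithms agree, others do not) means the report
    or the local copy is wrong and should be investigated, not trusted."""
    found: Dict[str, List[str]] = {}
    for name, known in iocs.items():
        hits = [a for a in ALGOS if digests.get(a, "").lower() == known[a].lower()]
        if hits:
            found[name] = hits
    return found


def lookup(digest: str, iocs=REPORT_IOCS) -> Optional[str]:
    """Find which target a single digest (any algorithm, any case) belongs to."""
    wanted = digest.strip().lower()
    for name, known in iocs.items():
        if wanted in (v.lower() for v in known.values()):
            return name
    return None


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_iocs(hash_file(path)) or "no match")
```

Run it as `python check_iocs.py <file>...` (script name is arbitrary); anything from quarantine that matches all four algorithms for one target is the same file the sandbox analysed, and a file that matches only some of them deserves a closer look rather than a verdict.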
Static task
static1

Behavioral tasks
behavioral1: FACT_RY65855PAT0.zip on win7-20230220-es
behavioral2: FACT_RY65855PAT0.zip on win10v2004-20230220-es
behavioral3: FACT_RY65855PAT0.exe on win7-20230220-es
behavioral4: FACT_RY65855PAT0.exe on win10v2004-20230221-es
behavioral5: ~.exe on win7-20230220-es
behavioral6: ~.exe on win10v2004-20230220-es
Malware Config
Targets

Target: FACT_RY65855PAT0.zip
Size: 1.6MB
MD5: a4521647084440145b327fc74a5b7922
SHA1: ac66a8615c9dba87b048c3853487a6cc92eac067
SHA256: c3b6ff8f7c6b617152a1c42612d4de0dc179ea007bd83ef9ecf28b623798d734
SHA512: d3241d10501441d4e4f11a270e59882a971ff589e53b0f52617a197be32530c902f91ea813608875ccc8691f981e2337c0131413cc8dec34265403819e54be7a
SSDEEP: 49152:S/cvzKc9OLA1kFhayM4H9cAFi1u1aKAI3mQDV:SULP9H1kyylHziI17A8mQB
Score: 1/10

Target: FACT_RY65855PAT0.exe
Size: 1.8MB
MD5: 3d6b870b71fe64e9fab41314f4ff75cf
SHA1: 45e91fc8eb9cace7143d06a39166108b5531607a
SHA256: 1eeb7c8ef775f5bf2f0e19d3fccc2df475aadb65a039fbdc0593ed48d6ed24ae
SHA512: d093533ca4ca8e82029ef47c4135e15c99494e25d9db3ce49d06fb89cce44ee934288e98b15561b95911522a3f1b5e49f23a853b68389e53caebd7c88194c5d9
SSDEEP: 49152:eGj78kv0nmHkhPk0+mzTcg/S1OJqqA0ieped:ZXrv/Hky0RzPSMJ9AQod
Score: 8/10
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.

Target: ~
Size: 256KB
MD5: 56354f6191810e362bf2ae7b3f6e82b4
SHA1: 98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256: 95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
SHA512: fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
SSDEEP: 6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score: 8/10
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
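An MBR-write verdict is worth confirming on the affected disk, because a bootkit survives reinstalling the operating system on the same disk. The following is an added example, not part of the sandbox report and not code from the sample: it parses a 512-byte MBR (the classic layout of 446 bytes of boot code, a four-entry partition table at offset 446 and the 0x55AA signature at offset 510) and diffs a suspect sector against a known-good copy, reporting whether the boot code or the partition table changed. Both MBR images in the block are constructed for the demonstration; none of the bytes come from the sample, and the helper names are this example's own.

```python
"""Added example (not part of the sandbox report): parse a 512-byte MBR and
diff it against a known-good copy, the check a responder runs after a
"Writes to the Master Boot Record" verdict. Uses the classic MBR layout:
446 bytes of boot code, four 16-byte partition entries at offset 446, and
the 0x55AA signature at offset 510. Both MBR images below are constructed
for this example; none of the bytes come from the sample."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOTCODE_LEN = 446
PART_TABLE_OFF = 446
# status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped),
# LBA start, sector count; all little-endian.
PART_ENTRY_FMT = "<B3xB3xII"
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class PartitionEntry:
    slot: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class Mbr:
    bootcode: bytes
    bootcode_sha256: str
    partitions: List[PartitionEntry]


def parse_mbr(sector: bytes) -> Mbr:
    """Validate the sector and return its boot-code hash and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, type_id, lba, count = struct.unpack_from(PART_ENTRY_FMT, sector, off)
        if type_id == 0 and lba == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"slot {slot}: invalid status byte {status:#04x}")
        partitions.append(PartitionEntry(slot, status == 0x80, type_id, lba, count))
    code = sector[:BOOTCODE_LEN]
    return Mbr(code, hashlib.sha256(code).hexdigest(), partitions)


def is_valid_mbr(sector: bytes) -> bool:
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def changed_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Half-open [start, end) byte ranges where the two boot-code regions differ."""
    ranges, start = [], None
    for i in range(BOOTCODE_LEN):
        if a[i] != b[i]:
            start = i if start is None else start
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, BOOTCODE_LEN))
    return ranges


def diff_mbr(baseline: bytes, current: bytes) -> Dict[str, object]:
    """Compare a trusted MBR (golden image or pre-infection dump) with a suspect one."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    return {
        "bootcode_modified": base.bootcode_sha256 != cur.bootcode_sha256,
        "bootcode_changed_ranges": changed_ranges(base.bootcode, cur.bootcode),
        "partition_table_modified": base.partitions != cur.partitions,
    }


def build_mbr(bootcode: bytes, entries: List[Tuple[int, int, int, int]]) -> bytes:
    """Assemble a synthetic MBR (constructed data for the demonstration)."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    table = b"".join(struct.pack(PART_ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


# Constructed known-good MBR: one active NTFS (type 0x07) partition at LBA 2048.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 204800)])

# Constructed "infected" copy: the first three boot-code bytes are overwritten
# and the partition table is untouched, the pattern a bootkit typically leaves.
_patched = bytearray(CLEAN_MBR)
_patched[0:3] = b"\xeb\xfe\x90"  # constructed bytes, not taken from the sample
INFECTED_MBR = bytes(_patched)

if __name__ == "__main__":
    # On Windows the live sector can be read from an elevated prompt with
    # open(r"\\.\PhysicalDrive0", "rb").read(512) and passed in as `current`.
    print(diff_mbr(CLEAN_MBR, INFECTED_MBR))
```

The baseline should come from a golden image or a dump taken before the sample ran; a diff confined to the boot code with an unchanged partition table is the signature of a bootkit hooking the boot path, whereas a changed partition table points at hidden-partition or disk-wiper behaviour instead.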