General
-
Target
449dfb001ec66253cd32dc9205836faa08b5ddb28b8a32bed3bf8805c54e1185
-
Size
10.0MB
-
Sample
230401-fh67waga58
-
MD5
48185b9d80c6fe5b1987755507322cd6
-
SHA1
a3232833bc84314fe081c93864e0b4df737b90f3
-
SHA256
449dfb001ec66253cd32dc9205836faa08b5ddb28b8a32bed3bf8805c54e1185
-
SHA512
55d0c666492ecdfccf71a2fae55c54d7eca402650cf64f049621a97f6abda8c0e1f7ae4128482016b85b7c33129a5426cd01ce6a754c017f6cfd456e44e37410
-
SSDEEP
196608:jbfSWxOu68KU2vzQ8aVoKPPg2mQm1wOWDjOwbcToKxQNO9U:/fEu68wzGmgo2hrFDjf4oKiO9U
Static task
static1
Behavioral task
behavioral1
Sample
449dfb001ec66253cd32dc9205836faa08b5ddb28b8a32bed3bf8805c54e1185.exe
Resource
win7-20230220-en
Malware Config
Targets
-
-
Target
449dfb001ec66253cd32dc9205836faa08b5ddb28b8a32bed3bf8805c54e1185
-
Size
10.0MB
-
MD5
48185b9d80c6fe5b1987755507322cd6
-
SHA1
a3232833bc84314fe081c93864e0b4df737b90f3
-
SHA256
449dfb001ec66253cd32dc9205836faa08b5ddb28b8a32bed3bf8805c54e1185
-
SHA512
55d0c666492ecdfccf71a2fae55c54d7eca402650cf64f049621a97f6abda8c0e1f7ae4128482016b85b7c33129a5426cd01ce6a754c017f6cfd456e44e37410
-
SSDEEP
196608:jbfSWxOu68KU2vzQ8aVoKPPg2mQm1wOWDjOwbcToKxQNO9U:/fEu68wzGmgo2hrFDjf4oKiO9U
-
Detects Phoenix Miner Payload
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
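The behavioural signatures above are what a sandbox raises from process, file and registry telemetry. As an added example (not code from the sandbox or from this report), the following maps simplified endpoint events to those signature names, including the two stateful ones ("Executes dropped EXE" and "Loads dropped DLL", which require remembering what the sample wrote earlier) and the distinction between merely opening `\\.\PhysicalDrive0` and opening it for write. The event records and their field names are constructed assumptions, not any vendor's export format; `HKCU\Control Panel\International\Geo\Nation` is the standard location of the user's configured GeoID, and the `netsh advfirewall firewall add rule` syntax is Windows' own. The static "Detects Phoenix Miner Payload" signature is a content match and is out of scope here.

```python
"""Map simplified endpoint telemetry to the behavioural signatures listed in the report.

Added example, not part of the sandbox report. Event dicts are constructed,
vendor-neutral records; adapt the field accessors to your real EDR/Sysmon export.
"""
import re
from dataclasses import dataclass, field

# Registry value holding the user's configured country (GeoID).
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"
# Raw physical disk device; sector 0 of \\.\PhysicalDrive0 is the MBR.
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
# Firewall rule manipulation through netsh (real Windows syntax).
FIREWALL_RE = re.compile(
    r"\bnetsh(?:\.exe)?\s+advfirewall\s+firewall\s+(?:add|set|delete)\s+rule\b",
    re.IGNORECASE,
)
# A bare drive root such as D:\ (used by the drive-enumeration check).
DRIVE_ROOT_RE = re.compile(r"^([A-Za-z]):\\$")


@dataclass
class Tracker:
    """Holds the state the 'dropped' signatures need across events."""
    dropped: set = field(default_factory=set)  # lower-cased .exe/.dll paths the sample wrote

    def feed(self, ev: dict) -> list:
        """Return the signature names this single event triggers."""
        hits = []
        kind = ev.get("type")
        raw_path = ev.get("path") or ""
        path = raw_path.lower()

        # Remember binaries written to disk so later executions/loads can be tied back.
        if kind == "file_write" and path.endswith((".exe", ".dll")):
            self.dropped.add(path)

        if kind == "process_create":
            if path in self.dropped:
                hits.append("Executes dropped EXE")
            if FIREWALL_RE.search(ev.get("cmdline") or ""):
                hits.append("Modifies Windows Firewall")

        if kind == "image_load" and path in self.dropped:
            hits.append("Loads dropped DLL")

        if kind == "registry_read" and (ev.get("key") or "").lower() == GEO_NATION_KEY.lower():
            hits.append("Checks computer location settings")

        if kind == "file_open":
            access = (ev.get("access") or "").lower()
            # Opening the raw disk read-only is not an MBR write; require write access.
            if RAW_DISK_RE.match(raw_path) and "write" in access:
                hits.append("Writes to the Master Boot Record (MBR)")
            m = DRIVE_ROOT_RE.match(raw_path)
            if m and m.group(1).upper() != "C":
                hits.append("Enumerates connected drives")
        return hits


def triage(events) -> list:
    """Return the distinct signature names an event sequence triggers, in first-seen order."""
    tracker = Tracker()
    seen = []
    for ev in events:
        for hit in tracker.feed(ev):
            if hit not in seen:
                seen.append(hit)
    return seen


# Constructed sample trace, loosely modelled on the behaviours in this report.
SAMPLE_EVENTS = [
    {"type": "registry_read", "pid": 1000, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\Public\svc.exe"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\Public\helper.dll"},
    {"type": "process_create", "pid": 1001, "ppid": 1000,
     "path": r"C:\Users\Public\svc.exe", "cmdline": "svc.exe"},
    {"type": "image_load", "pid": 1001, "path": r"C:\Users\Public\helper.dll"},
    {"type": "process_create", "pid": 1002, "ppid": 1001,
     "path": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="svc" dir=in action=allow '
                'program="C:\\Users\\Public\\svc.exe"'},
    {"type": "file_open", "pid": 1001, "path": "D:\\", "access": "read"},
    {"type": "file_open", "pid": 1001, "path": "E:\\", "access": "read"},
    {"type": "file_open", "pid": 1001, "path": r"\\.\PhysicalDrive0", "access": "read|write"},
]

if __name__ == "__main__":
    for sig in triage(SAMPLE_EVENTS):
        print(sig)
```

The write-access check on the raw disk handle matters in practice: legitimate tooling (disk utilities, backup agents) opens `\\.\PhysicalDrive0` read-only all the time, so a detection keyed on the open alone is noisy, while a write to sector 0 is what the MBR signature actually describes.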