General
- Target: MinecraftInstaller.exe
- Size: 32.0MB
- Sample: 230401-rs8n8sbh8v
- MD5: 7b681d2a775f0505b4fa4e6899730ec0
- SHA1: 285e9a0f1c3a5aef9b63c1089c4e9847bb176d3e
- SHA256: 1369e029a6b0da91db5e735b2942b1a5549dfb909ab1e98b919481a04b7cf5e6
- SHA512: 4746fbd6b7094e07e82a9720b1243cb43663408a5c581a274508e8bf44fcb4e254ae24bec6951761ae488c6f64eeb938bf4d613587f93f3378174f7eea2f1016
- SSDEEP: 393216:Tbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y:OZn/G4Gqk1cWe2iTVCMue3
Static task: static1
Behavioral task: behavioral1
- Sample: MinecraftInstaller.exe
- Resource: win10v2004-20230220-en
Malware Config
- Extracted: metasploit
  Payload: windows/single_exec
- Extracted: C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
  URLs:
  http://golden5a4eqranh7.onion/wCtGf6gr
  http://goldeny4vs3nyoht.onion/wCtGf6gr
Targets
- Target: MinecraftInstaller.exe
- Size: 32.0MB
- MD5: 7b681d2a775f0505b4fa4e6899730ec0
- SHA1: 285e9a0f1c3a5aef9b63c1089c4e9847bb176d3e
- SHA256: 1369e029a6b0da91db5e735b2942b1a5549dfb909ab1e98b919481a04b7cf5e6
- SHA512: 4746fbd6b7094e07e82a9720b1243cb43663408a5c581a274508e8bf44fcb4e254ae24bec6951761ae488c6f64eeb938bf4d613587f93f3378174f7eea2f1016
- SSDEEP: 393216:Tbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y:OZn/G4Gqk1cWe2iTVCMue3
Signatures
- MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software: Detects a file packed with ACProtect software.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry