General
Target: infected (2).rar
Size: 1.2MB
Sample: 230401-vc2grscf4w
MD5: 6aa0afe7ec2fc64c47d0b26ac7dda8f9
SHA1: 2d33d1630daf7a9bf082363639594d87e5f391fc
SHA256: 47d53a6d231fb86dcb89dd2f83560654cc427d495e9ba72413c9033683c3cdf9
SHA512: 76625a7d15379d3bc17f20e0bd87ee2c992d34b8a403d18192ef2aedb7b1ae5225e565a61d9182b25c92c92c247afad32240f0764f8b2040c9e821b22702dc9e
SSDEEP: 24576:TS33JMVT3+no0acdNugVSj8UTXLd1p6ob+bN2ty0ktLbw4JCJan87:TSnJMVuno5JgQlT7P0/bMty0kZCMS
Static task: static1

Behavioral task: behavioral1
  Sample: infected (2)/1/Application.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: infected (2)/1/Application.exe
  Resource: win10v2004-20230220-en

Behavioral task: behavioral3
  Sample: infected (2)/1/XLGameUpdate.exe
  Resource: win7-20230220-en

Behavioral task: behavioral4
  Sample: infected (2)/1/XLGameUpdate.exe
  Resource: win10v2004-20230220-en

Behavioral task: behavioral5
  Sample: infected (2)/2/Console.exe
  Resource: win7-20230220-en

Behavioral task: behavioral6
  Sample: infected (2)/2/Console.exe
  Resource: win10v2004-20230220-en
Malware Config

Targets

Target: infected (2)/1/Application.exe
Size: 566KB
MD5: d39006b5f48fb225c61b75414c712a58
SHA1: 7eb5c3dda79df5a2e958ba34e3d43c19b4bb7b4b
SHA256: c936f1598721a9a92d7f31c6c13b55013b8a2a344e3df4156e5b033006336544
SHA512: e91e47d6c11878a5a92cd6afb56b09a34c273784d00482ffe7bfbdf516b6e072083290cf5b27554d5614b13e6a8a9bfa5dce5cc6ce2f91bc3e5a98d326d27011
SSDEEP: 12288:4SL9St9NTTTQnGBxUAh8qVoxZBlgNuyfOuZzUbA5Od1Dbp6C2H:dLEt9NTnQcxVofAEIYkybp12H
Score: 7/10
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: infected (2)/1/XLGameUpdate.exe
Size: 422KB
MD5: 08e6daf4f5d3480ba8d55fb284ef7b2b
SHA1: 6a8e5c27d9cfe0a4570f981944e27f3755638415
SHA256: 769d59d03036af86c7a9950f03ebc7b693a94d3e2f8ecd1d74cf5600ab948105
SHA512: aaeee94ec0e4f758bdb98bb9117c5389c04bf8101cc9839eb1dfa2a6214f94175082f7fc79a358435f5ed3c30631632e3d1e587cda2f6922ed601d0189020e36
SSDEEP: 12288:OoAts1BDoHXcNKecznBaRR4KAQ+GLRRaKC3uqCR0gLL:OIynBaRz+GLfqCR0gLL
Score: 1/10

Target: infected (2)/2/Console.exe
Size: 1.0MB
MD5: 3aaf501f5a33c7b5457cdc9d876175e4
SHA1: 984dd31cde0808a038ab7dda7c725589d9b93ccf
SHA256: f57a2410ce496f17befaf980e3d38156f6f3641b2daa546ac42fc5181c2cce89
SHA512: f8ad9a8d86aab7b0c3f3008f5ee2530bf5515fd1128882394add2ca66cbab073694fd5cae8ebc3927af493a103f523fdcde6672ff07bfa02f391d07e4e9c44c0
SSDEEP: 24576:hjXTI+uEu0on2l+syXOCHAvJNMVqT5HjTEtkD9UQwZqF2nbJ:GZn2l+syXOCHAvXvTdEtaXw4F2nbJ
Score: 8/10
  Modifies Windows Firewall