General
-
Target
1003.exe
-
Size
255KB
-
Sample
230402-kw74jsgg8z
-
MD5
0246bb54723bd4a49444aa4ca254845a
-
SHA1
151382e82fbcfdf188b347911bd6a34293c14878
-
SHA256
8cf50ae247445de2e570f19705236ed4b1e19f75ca15345e5f00857243bc0e9b
-
SHA512
8b920699602ad00015ececf7f58a181e311a6726aece237de86fcc455d0e6fcb587fe46f6ef2e86a34fe1c52d835c5e2a547874a7906315247f07daa30e4323a
-
SSDEEP
6144:m28cv8eNLO1cy4uWj6x5OEbHyL3IKwCQLcw:m/MLNLO1B5TRbSbI/Cg
Static task
static1
Behavioral task
behavioral1
Sample
1003.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
1003.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-