General
Target: startup.exe
Size: 3.9MB
Sample: 230403-apg9fadb5t
MD5: f9d653cfd59bf94924d5e5de664d9551
SHA1: e77cf1a565322a026802fb7333bca2714f42ee4d
SHA256: 74ae420d08ac07c20d205b449896aee75926c45c6236608463710a5a01c1644f
SHA512: 1ad65b059b2a6e5e6ce8601977472fd23e562956de0929302e2fc445417498b5cb9abb43fffd8ada52fbcc04c9b783bbd7fef09c939401e1b218914884b87ea4
SSDEEP: 98304:2INSsMuJIh61BCmK8S9u5fOlvXXdRE4Y6dtKGqTe8ot:L1Q6nCmKp1XX3M63eyrt
Static task: static1
Behavioral task: behavioral1
Sample: startup.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: startup.exe
Score: 7/10

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Loads dropped DLL

Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.