General
-
Target
.
-
Size
1KB
-
Sample
230405-ywhesahc47
-
MD5
017daa6b8b8738a55202b96049750742
-
SHA1
ce93b434141424b2158e90a01c682d3e17bd8556
-
SHA256
aa4754118865fb4e1fb112a45142355db4b17a6b20ac279e5fefb707576c0cdf
-
SHA512
842d81746e6254f3171e858faab3dd56346de5933286923f410a60886bdeeb50fe5ad5b43b896ff8904bb7e73d508de81a9243923c982b5f9b71816e37b0a563
Static task
static1
Behavioral task
behavioral1
Sample
.html
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
.
-
Size
1KB
-
MD5
017daa6b8b8738a55202b96049750742
-
SHA1
ce93b434141424b2158e90a01c682d3e17bd8556
-
SHA256
aa4754118865fb4e1fb112a45142355db4b17a6b20ac279e5fefb707576c0cdf
-
SHA512
842d81746e6254f3171e858faab3dd56346de5933286923f410a60886bdeeb50fe5ad5b43b896ff8904bb7e73d508de81a9243923c982b5f9b71816e37b0a563
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-