General
-
Target
VirtualBox_Windows XP_05_04_2023_20_39_32.png
-
Size
514KB
-
Sample
230406-bjq5tsae46
-
MD5
d5691c8c26d810e2f66e738a459dc46a
-
SHA1
0bb23f9615082aef142a5e53014179e2d3f9f108
-
SHA256
13fc9c8ff624f7b62e9e8281678bc4dd4ae35112e437eff0a32f18049eaf564a
-
SHA512
ec6ef3c42fa717bb9abd7c6d4d4fa0cb3f016fdec0dcbcf31cf22a0de3f1f743ff9c407c8311cdb695b622a1fc852417d39505dafa002559b2552e6f339b3b7d
-
SSDEEP
12288:jJsTBUcsEaUZBvNjJhl1QaAB8JhKwqtJsmOEYNZ91Lgon2RIadYq7:jJubq+BvNt1QFk5qz3YN+IoYq7
Malware Config
Targets
-
-
Target
VirtualBox_Windows XP_05_04_2023_20_39_32.png
-
Size
514KB
-
MD5
d5691c8c26d810e2f66e738a459dc46a
-
SHA1
0bb23f9615082aef142a5e53014179e2d3f9f108
-
SHA256
13fc9c8ff624f7b62e9e8281678bc4dd4ae35112e437eff0a32f18049eaf564a
-
SHA512
ec6ef3c42fa717bb9abd7c6d4d4fa0cb3f016fdec0dcbcf31cf22a0de3f1f743ff9c407c8311cdb695b622a1fc852417d39505dafa002559b2552e6f339b3b7d
-
SSDEEP
12288:jJsTBUcsEaUZBvNjJhl1QaAB8JhKwqtJsmOEYNZ91Lgon2RIadYq7:jJubq+BvNt1QFk5qz3YN+IoYq7
Score8/10-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-