General
Target: FACT_D755N50T2.zip
Size: 1.3MB
Sample: 230407-a3k79afg66
MD5: 1ffb97002478a0be7ea3920cfaf3a0f4
SHA1: 2ff89c5b5f73d16c09ad374f5c11fbbed7440c2b
SHA256: 0e7c1a20ca3eda9ce134734e536bbdb79c707c84574e4fde8633960f290499b3
SHA512: ed0fc29ab6dacec93f514360950baf86099ac11c195fbb218c687dd6b766016c9456315e85c1f9df8ac11690980785205ba4b45545749026491f3f00b09d5d79
SSDEEP: 24576:LE2mrQ0g6l/k/jpVlYQ3m+L5kUV1BQKSkkn4Iho2zy93Qd5DNfHLBG5npiG1z3xK:h0g69k1VlYQWFUhakWhVasftEZA
Static task
static1

Behavioral task
behavioral1
Sample: FACT_D755N50T2.exe
Resource: win7-20230220-en

Behavioral task
behavioral2
Sample: FACT_D755N50T2.exe
Resource: win10v2004-20230221-en

Behavioral task
behavioral3
Sample: ~.exe
Resource: win7-20230220-en

Behavioral task
behavioral4
Sample: ~.exe
Resource: win10v2004-20230220-en
Malware Config

Targets

Target: FACT_D755N50T2.exe
Size: 1.5MB
MD5: 35e24a8ce72dd5360fc826947abfdc10
SHA1: 929e014f9d6271ae3ce82d5dadcd674631c9c779
SHA256: d0fbbba4a32cf5156daf563e6fa9b2133cc11b85a7a2632411eb7195ab35e9c7
SHA512: 558bc4ac4c9da60fea107037789cfa7cb0cbe10829687bf50f71afb0cfa51bc74f5d5f478c59914e8e55f5b6bd4d9e487a3b1286327491189aa5e90f0c38cf4e
SSDEEP: 24576:Z6Ykri0w6Hf0PjnVlYI5YALlgKPlDQKimQn+IZQaL89V6pZE1rrrrrrrrrrrrrrl:pKw6/0zVlYIqXKNKmGZXgZpO8
Score: 8/10
Signatures:
  Blocklisted process makes network request
  Checks computer location settings
    Looks up country code configured in the registry, likely geofence.

Target: ~
Size: 256KB
MD5: 56354f6191810e362bf2ae7b3f6e82b4
SHA1: 98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256: 95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
SHA512: fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
SSDEEP: 6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score: 8/10
Signatures:
  Downloads MZ/PE file
  Executes dropped EXE
  Loads dropped DLL
  Checks for any installed AV software in registry
  Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.