01e51b0029cd7af73a46ede5d0b6bf0a3f799e568af52a06fb49e3e4aa9785fa

General

Target

fact.zip
Size

1.5MB
Sample

230420-tchtzsch2t
MD5

72c7d03529decca676aa353cb351be0b
SHA1

d81b1e911358d6a672a7898b43388faefa69e1a8
SHA256

01e51b0029cd7af73a46ede5d0b6bf0a3f799e568af52a06fb49e3e4aa9785fa
SHA512

3544b7b19a613dbead84e62f45fe5d82a4be3f23c5f1a532ea90510a33d70385cf90a0ed7c75733c3a2f9de96f322387cc6e37be8963d116662274a45af89ea2
SSDEEP

24576:C7MB9bJy+8Krf42blmDsVVz2YGuiMZhLc9L0sToy/nbtsKBk3qxcD5jp4iG1z3xe:C7MHoIHWwyCiMvg94c3vxsKBktt6Q

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  fact.zip
- Size
  
  1.5MB
- MD5
  
  72c7d03529decca676aa353cb351be0b
- SHA1
  
  d81b1e911358d6a672a7898b43388faefa69e1a8
- SHA256
  
  01e51b0029cd7af73a46ede5d0b6bf0a3f799e568af52a06fb49e3e4aa9785fa
- SHA512
  
  3544b7b19a613dbead84e62f45fe5d82a4be3f23c5f1a532ea90510a33d70385cf90a0ed7c75733c3a2f9de96f322387cc6e37be8963d116662274a45af89ea2
- SSDEEP
  
  24576:C7MB9bJy+8Krf42blmDsVVz2YGuiMZhLc9L0sToy/nbtsKBk3qxcD5jp4iG1z3xe:C7MHoIHWwyCiMvg94c3vxsKBktt6Q
Score

1^/10
behavioral1 behavioral2
- Target
  
  FACT_IUPV576J68.exe
- Size
  
  1.7MB
- MD5
  
  29e72922c0a2862d935203a7e8c18e41
- SHA1
  
  eef23f3a4b7179b8ec0e38582426321a63840ec2
- SHA256
  
  470508c548db1d2b83c787be58fee42e3dd0257cb15dfb2b4beac6bd01e76d2e
- SHA512
  
  94a56844ff9f3a13288aa99624e1b49ec64e15fbd1bfa6807b58e0e3ac444c652fb622f069a26c4584a7af4b037fbe8528ef12a78d82d5ae9b91277446785c01
- SSDEEP
  
  24576:YpcBFnJc+8KR32GbBsVsV5z2yyukwFhbc9FeO9ok/1XHsWjiHq91rrrrrrrrrrrp:YpcLCQTAgyIkwLw9gS5tXsWji8pGM
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  ~
- Size
  
  256KB
- MD5
  
  56354f6191810e362bf2ae7b3f6e82b4
- SHA1
  
  98260eb9dbec4ef777939937b4ca797ac336e3ff
- SHA256
  
  95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
- SHA512
  
  fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6