General
-
Target
MBSetup.exe
-
Size
2.5MB
-
Sample
230510-rsqhnaab7v
-
MD5
9bc4a495d9fbc4184e8fa89059cd56e5
-
SHA1
3caa39c393d50e6ec7c525b2f82348871c0a30d5
-
SHA256
ac18ceb7c2673d98a770f01782394ced5254dd5709f16b9ef63d5405bcc9a73b
-
SHA512
6b12bd8a1a77350a5e97154c33eb534175d597cfed60bd333c5f04e5de232508fbbbe7bb2b3381dd5643c3d7e2b8ad5ab3594702b1886096d91c9c2d91619a05
-
SSDEEP
49152:y6RHJTCgMa4QiASD3AP0wxZN2DxiIq2dnQiQxexG:5RX4QiAKM/WRq2xq
Static task
static1
Behavioral task
behavioral1
Sample
MBSetup.exe
Resource
win10v2004-20230220-es
Malware Config
Targets
-
Target
MBSetup.exe
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Modifies RDP port number used by Windows
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-