General
-
Target
NoEscape8.0.exe
-
Size
15.0MB
-
Sample
230610-fkx2zsec45
-
MD5
1c18f75dafd667fb5559cf9b7cb5868e
-
SHA1
deab3392cf25ebc52f15ecdcf7e4187dcaec81f7
-
SHA256
bf3c03ff11e6610bbf806084ec2d58cd5aacb87e52cbf965a789fa74584de3a5
-
SHA512
c68c8ee27265c81e7bb6ead434436398d198b9c2ce83092a8deb8539045b10b47ed660e2451297edd7eeebedc5254000fd5ad481f4642f64f4d74d6a964d3015
-
SSDEEP
393216:ph/RLjBJPkh/6StJ+4qnWSz0hgSovW+PABRMW:phVcm9z06WEORX
Static task
static1
Behavioral task
behavioral1
Sample
NoEscape8.0.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
NoEscape8.0.exe
-
Score
8/10
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-