General
-
Target
RStudio32.exe
-
Size
20.9MB
-
Sample
230611-nwrncahg21
-
MD5
5dc2ba5e8d89d68ef4e876193bb2f764
-
SHA1
fb051e2fd1acb4bf4f4434a1e6e56059015b0ab4
-
SHA256
555e785c385d5f89be4843f66c2b96dc9bc87b8177c833b2f2265b9d6bcb4b3c
-
SHA512
4fea40f81861623c0cb1487e85642318d4477957fb5d4e380eb3c5462a58c75eed85de5e627ffc35575046728c92d1bfdda20217d2b6a2b8e9d31c2c4a7c7a4d
-
SSDEEP
393216:LQWOgpNkM8M04aLEr6Mb/8SzH9Q/HcK4dPyWW5Suqm4/CKjSyF:LQm/0LEdX+/Hn0W5SjgKjXF
Malware Config
Targets
-
-
Target
RStudio32.exe
-
Size
20.9MB
-
MD5
5dc2ba5e8d89d68ef4e876193bb2f764
-
SHA1
fb051e2fd1acb4bf4f4434a1e6e56059015b0ab4
-
SHA256
555e785c385d5f89be4843f66c2b96dc9bc87b8177c833b2f2265b9d6bcb4b3c
-
SHA512
4fea40f81861623c0cb1487e85642318d4477957fb5d4e380eb3c5462a58c75eed85de5e627ffc35575046728c92d1bfdda20217d2b6a2b8e9d31c2c4a7c7a4d
-
SSDEEP
393216:LQWOgpNkM8M04aLEr6Mb/8SzH9Q/HcK4dPyWW5Suqm4/CKjSyF:LQm/0LEdX+/Hn0W5SjgKjXF
Score6/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-