General
-
Target
tokyo-japon-2769148447.png
-
Size
674KB
-
Sample
230630-rsljpsed6s
-
MD5
8be84e64128bcef03143af91c921e2c4
-
SHA1
80299eb1b19cbd93f0e93d3d84b8c593e3495c05
-
SHA256
88ae7f01d18e6a5a47f8abe63d168c8333467ea8674617a0d369c8c4730044e3
-
SHA512
cf9ea24a99405f71c53d0dcb2cdb4aef73a022a38428b702d4c3796f7bf2495d75ae64036b6ff0c3c24b0c99afb773d45155c9f96d29ffbb5f901c3fcfb0dba7
-
SSDEEP
12288:MLMQ5cHWOgpqd8ZCrd666oXCUlloSYbMVEMtLaVeIY0VL1CVQdPtXlqDmWOdu:7QqHWOFd76oXCehYoV/aY0d86PtMAu
Malware Config
Targets
-
-
Target
tokyo-japon-2769148447.png
-
Size
674KB
-
MD5
8be84e64128bcef03143af91c921e2c4
-
SHA1
80299eb1b19cbd93f0e93d3d84b8c593e3495c05
-
SHA256
88ae7f01d18e6a5a47f8abe63d168c8333467ea8674617a0d369c8c4730044e3
-
SHA512
cf9ea24a99405f71c53d0dcb2cdb4aef73a022a38428b702d4c3796f7bf2495d75ae64036b6ff0c3c24b0c99afb773d45155c9f96d29ffbb5f901c3fcfb0dba7
-
SSDEEP
12288:MLMQ5cHWOgpqd8ZCrd666oXCUlloSYbMVEMtLaVeIY0VL1CVQdPtXlqDmWOdu:7QqHWOFd76oXCehYoV/aY0d86PtMAu
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-