General
-
Target
5566307948dfd41c2eb5797799c08e41
-
Size
3.6MB
-
Sample
240112-eap3yseaej
-
MD5
5566307948dfd41c2eb5797799c08e41
-
SHA1
8ab0db21fd8fa12768ecc34e8a68d0d5428fd598
-
SHA256
e6b3c15ce544b132f38151b8c97fa7fd73eb3ac108ba0199ce6b72649c050c57
-
SHA512
db1fe9c7825671ca0b5df06b768b39a681d6f49c96aca60cf0c91ea007e9fc1cdcda4d6fcdba23a11985f76978a6d36549dd8b3b0a28755d3587e7e4088e598c
-
SSDEEP
98304:QeNjBijt85456c/RkrAQNH4WJYKpfFekDXGtMHPU:9jBijt8PmizY0/skDVc
Static task
static1
Behavioral task
behavioral1
Sample
5566307948dfd41c2eb5797799c08e41.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
5566307948dfd41c2eb5797799c08e41.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
5566307948dfd41c2eb5797799c08e41
Score
9/10
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Enumerates VirtualBox registry keys
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-