8efec811b81ea3c1e20a2d0bf969e1fa51ff779963e893fffe5b0dd579c0f3b5

General

Target

dobrota.rar
Size

26.5MB
Sample

240326-xlwzrace6w
MD5

45cdfdb77d0505de4c90a60c8c131b63
SHA1

32281a0587bcf56f9096581657f4d0579fd37fd1
SHA256

8efec811b81ea3c1e20a2d0bf969e1fa51ff779963e893fffe5b0dd579c0f3b5
SHA512

06453fe5e161decdabb0f4765af318ae4e6e1ef6cc844a2d9c5e05f415c8709eced36e584a891606a7de2b472f2edeafeb2148becb1bacdb64aa6fa3cc390006
SSDEEP

393216:v2A6KXR4K9aF21yUsM6hgar4Vy4HCxBOhDmuJEWlT7eVccUFMJjFAipKARSWJqZJ:PivF26hgartBSmcxFMJzpKrWJ+6e

Score

7^/10

Malware Config

Targets

- Target
  
  dobrota.rar
- Size
  
  26.5MB
- MD5
  
  45cdfdb77d0505de4c90a60c8c131b63
- SHA1
  
  32281a0587bcf56f9096581657f4d0579fd37fd1
- SHA256
  
  8efec811b81ea3c1e20a2d0bf969e1fa51ff779963e893fffe5b0dd579c0f3b5
- SHA512
  
  06453fe5e161decdabb0f4765af318ae4e6e1ef6cc844a2d9c5e05f415c8709eced36e584a891606a7de2b472f2edeafeb2148becb1bacdb64aa6fa3cc390006
- SSDEEP
  
  393216:v2A6KXR4K9aF21yUsM6hgar4Vy4HCxBOhDmuJEWlT7eVccUFMJjFAipKARSWJqZJ:PivF26hgartBSmcxFMJzpKrWJ+6e
Score

3^/10
behavioral1
- Target
  
  dobrota/Clean/README.txt
- Size
  
  40B
- MD5
  
  5a4bea29423673c5ff5b0f33b643e82f
- SHA1
  
  0e97de1a69b08b80a78580c5acc4f9c50a20bad2
- SHA256
  
  20d44dc71ed3e3a0426e62dab307515cfc9fc25ddd3c84c2f19befb0cffebac0
- SHA512
  
  fdbec79fc9e2dcc8ccaf666a278ed95a4f17f282ef419055312404cb38268c74dbb982e2e6936b8e9fd62ed8b0aa01e4e3093c6e6e430f6a4fa2bdc0f7a907d8
Score

3^/10
behavioral2
- Target
  
  dobrota/Clean/dobrota_clean.exe
- Size
  
  7.7MB
- MD5
  
  c8b999419a3c103270290e99189f794c
- SHA1
  
  90148745b61d2c77c1694e43f11faaa9a3d05a0a
- SHA256
  
  9093ff3bc7e78cfe84cadc3a993eeb1c15ce497e94efdcf51c1adcafd0aedf18
- SHA512
  
  6e95c693eef199c511c81052b1b4e9bdbd94bcd2fee2b16660ece026e86e3535c2389fe91049407842c2cad81ab9f0521865edb28708f961d804f32111d4c47c
- SSDEEP
  
  98304:JJx19RrCwXU7tTao36KJt6Oe2NhqCZao4+Axhy4V7FLEMUH82Z3dFRsFVsKtOepA:9thk7IInbrIh17FFWZnR0VsAHndDNE
Score

7^/10
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3
- Target
  
  dobrota/README.txt
- Size
  
  160B
- MD5
  
  d9315a6f578c17343bbc3b576e5a6f5b
- SHA1
  
  0ed82af2ac51c7b2332b610535713cbec9ebc415
- SHA256
  
  cade81c198017a138cd11ebbae22f9e7071c9eb1c811772df08dcc75779349fd
- SHA512
  
  8c87fa793629d08ebd7a11df70176ec4d8033d0a134ca99ebe71f60becb0de428b4e265ad5c6d8120a2d7a660530177b64fab0b22143350806aebf77ad98a8ef
Score

3^/10
behavioral4
- Target
  
  dobrota/VC_redist.x86.exe
- Size
  
  13.1MB
- MD5
  
  ca778a97f31d6ab131f1e0bb58a466fb
- SHA1
  
  5b8637acc24f11e9bf83c77aacc8d529ea62d173
- SHA256
  
  91c21c93a88dd82e8ae429534dacbc7a4885198361eae18d82920c714e328cf9
- SHA512
  
  e2de89cb69803339f765bc1b29a7d6b24effd079f8296463ae6be0a0fdc99d2df2bc742c77b1e22ec320366ada672c022605c26ce21f7a59ba9246df8be9e27d
- SSDEEP
  
  393216:T1HRlptVYmfr7yBG/4YBOdojQ1GTp8Pg5kKE:T5DpttD7yBG/1xkCp/kKE
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral5
- Target
  
  dobrota/dobrota.exe
- Size
  
  7.8MB
- MD5
  
  1c33f964fbf5b3642d02e4b20ba6f2ac
- SHA1
  
  dcec14364a4548ce394906487a37f98bb1d12198
- SHA256
  
  10a45dc010df96cbd65bfd8a59e906ca5f98dd6f7541cf02bdfc17df8384bb8f
- SHA512
  
  ea3268a85ff2dfe7c94c6eb670f4aa3a13ec3019cf47bbcfa7e31eaa48dea0c8ee7dd0ebd020785942063e8acee7e2df62cd0c1eadf46a0208ebea29e146462b
- SSDEEP
  
  98304:Jqx1gyR0CwX6T036KJt6Oe2NhqCZao4+Axhy4V7FLEMUH82Z3dFRsFVsKtOep1eT:6WhwInbrIh17FFWZnR0VsAHndDNc7T
Score

7^/10

bootkit persistence
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral6