General
- Target: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11
- Size: 11.8MB
- Sample: 240407-tsxcbage8s
- MD5: 1f7f24bda1e6d4943dacff51d03c2f5a
- SHA1: 75f7a7374c875a887b52291dcf4eb7b6a22e7875
- SHA256: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11
- SHA512: 418de5cac7ae63731e934a4556499b041b072d9823542d9bc5ae8294ea064b51513d91d2ba28a56d53f9e6faa1ce4d14cbf4996b81600aea6158167917ec8b28
- SSDEEP: 196608:CIJ6eA5cPmiRqfk0ScX/eBDv+cRc7A4Yn7WILy+aEkcGXe6bqmOIhJZEFIxgabSR:Cf1xAcX/Or/M07neRJXe6basrSsgabI
Behavioral task: behavioral1
- Sample: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11.exe
- Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: bffdaefebcdc7576bcd79296e1decebc58bc6d8014874d1529ae07cf350b3e11 (size and hashes as listed under General)
- Detect Blackmoon payload
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext