General
Target: Recoverit.rar
Size: 160.7MB
Sample: 240427-ghyfeadb6w
MD5: c8bed0e191be3a883078ea20a6b5ff9c
SHA1: 347d3d6bfe42ea7d4c5b780ae76d52b11c3334a3
SHA256: 7c91134f30b4818ccc58db516517eaae6fc5f1bfe15d7b4d36c317a4edf7de8d
SHA512: 4a280625ef88331cf43d4d9bdc8ead3a5e861ad73442112574a4041b2db970b0a4df9defa15dcef6734b47c02eac796c2d1e58f38f8d1da92c27492b5af7bf6e
SSDEEP: 3145728:R1/V41CxqRJ9gXd+01kyL6M9Dhc0eIPLeDboDP8+l6azSHnVGoGagSdxPFiNDgXL:RBq1RJ9gXA01WM9+FbqplBW8oTldzsGL
Static task: static1
Malware Config
Targets
Target: Recoverit.rar
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger