General
Target: 9d9d364d3a94420cfc256139f40ecb5c3fd8298c076f89dc9a73442417703c6b
Size: 7.3MB
Sample: 240504-g2819ahd77
MD5: 249f0c156193d3916c9f21833c73c9de
SHA1: b4f50ae1ed2f3f093af02839d1408f25cdea1f0e
SHA256: 9d9d364d3a94420cfc256139f40ecb5c3fd8298c076f89dc9a73442417703c6b
SHA512: 2424988f21ec1b57ccc580de3c84bc4f58df615f3e389341b07717d0eb5e1ebb7c18aafa389c0910942eb525918082447bff6a5160543d3f99863b1f1b5e890f
SSDEEP: 196608:r2kWbEko1nisbpW2/JuoLl5oSwf669WxvWU1ZMNZu:nWbETnrdW2xuoLl5oSIrcIUz
Static task: static1
Behavioral task: behavioral1
Sample: 9d9d364d3a94420cfc256139f40ecb5c3fd8298c076f89dc9a73442417703c6b.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9d9d364d3a94420cfc256139f40ecb5c3fd8298c076f89dc9a73442417703c6b.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 9d9d364d3a94420cfc256139f40ecb5c3fd8298c076f89dc9a73442417703c6b
Score: 7/10
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger