General
-
Target
Go To Bed.exe
-
Size
651KB
-
Sample
240516-lwebxafd45
-
MD5
ae57aed92e768b5c003c05e4b31ae901
-
SHA1
d24e80657f5d0cb2d6ace60659fa4e9ab812f6dd
-
SHA256
006430128d78e015e7ac9f8fffdb41e4bc6d7bbb7dff92f1a3b41e620278c1fa
-
SHA512
b9736d6e4b22fdeabc87d9f0a16bdcc580d6de92fde54c40e5c3015e4c77f2b4c5754df54bfb3dd932d7f12aa9d326bd71518f148cae2b827d1131c7b270feb3
-
SSDEEP
6144:w/7FG9mpcJ/OD8zehVB+JyYlCRse2Sfyu:w/744aOD8SQA2Tu
Static task
static1
Behavioral task
behavioral1
Sample
Go To Bed.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
Go To Bed.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-