General
-
Target
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b
-
Size
10.6MB
-
Sample
240525-t8t7wsbd22
-
MD5
18eaace2a5b95ead7118238acbc8a9cd
-
SHA1
473348ff9d9a79d45ec224c65fed95dc915ebe13
-
SHA256
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b
-
SHA512
c2e6a6cbc7451e1482517156064a4d99bc38080a4c8879a8bc1b0fe36c8dc4d8161615ec12cd8dc32a9bece377850fc60f8dd138b71c01874d08f5c82be7fa80
-
SSDEEP
196608:OjjR0dJSn91KkQZZD0IDbHN4CT9dkqiC2B2RmZhviB7MtlaMlvYWNZVWzsZnHG6:OudJS9AbLDOCcjNhvTS2ZtZHG6
Static task
static1
Behavioral task
behavioral1
Sample
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b.exe
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b
-
Size
10.6MB
-
MD5
18eaace2a5b95ead7118238acbc8a9cd
-
SHA1
473348ff9d9a79d45ec224c65fed95dc915ebe13
-
SHA256
f52ecf3133ebaa539f9dd2fc92a530415fd8b075ee755f1be592cf7f211a870b
-
SHA512
c2e6a6cbc7451e1482517156064a4d99bc38080a4c8879a8bc1b0fe36c8dc4d8161615ec12cd8dc32a9bece377850fc60f8dd138b71c01874d08f5c82be7fa80
-
SSDEEP
196608:OjjR0dJSn91KkQZZD0IDbHN4CT9dkqiC2B2RmZhviB7MtlaMlvYWNZVWzsZnHG6:OudJS9AbLDOCcjNhvTS2ZtZHG6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-