General
-
Target
55be64735aadf23ccfb4b895dff0c2c98c700bf224608466136871fd971e7269
-
Size
8.2MB
-
Sample
240526-gjfa8aha6v
-
MD5
d7cd027d0216f9093b6143bdbdabdd41
-
SHA1
180a2c274859f51859249027950ba670dba567e5
-
SHA256
55be64735aadf23ccfb4b895dff0c2c98c700bf224608466136871fd971e7269
-
SHA512
45f51404061bf47f7db01b8ffac9a7459bfd446ea2aedc76254d4041ecb32f7d892a4899a483238e5dddc93aa2ad0a62fea35581fb6de9bc6caffc0880902eaf
-
SSDEEP
196608:elxoGSzd2JPqIsNe7PA3iRYX8ZDGF1v+n7lSImbm:2xukgNS43iRYs4FR+n7ln
Malware Config
Targets
-
-
Target
55be64735aadf23ccfb4b895dff0c2c98c700bf224608466136871fd971e7269
-
Size
8.2MB
-
MD5
d7cd027d0216f9093b6143bdbdabdd41
-
SHA1
180a2c274859f51859249027950ba670dba567e5
-
SHA256
55be64735aadf23ccfb4b895dff0c2c98c700bf224608466136871fd971e7269
-
SHA512
45f51404061bf47f7db01b8ffac9a7459bfd446ea2aedc76254d4041ecb32f7d892a4899a483238e5dddc93aa2ad0a62fea35581fb6de9bc6caffc0880902eaf
-
SSDEEP
196608:elxoGSzd2JPqIsNe7PA3iRYX8ZDGF1v+n7lSImbm:2xukgNS43iRYs4FR+n7ln
Score8/10-
Manipulates Digital Signatures
Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-