General
Target: zuhaowan_3.8.240608.1.exe
Size: 123.0MB
Sample: 240615-sqnrqaygmk
MD5: 50c05b029ef55a19889182801665c587
SHA1: 6408879b5f58583cc452233dc232925620ecd81d
SHA256: ce55e2456c9c5e2bd8ebbd04312eb9ace148a60236d82ec5f205f7f076b38479
SHA512: 7b8978a3f24c2f5893f0488c1436181d28f44ca326c7582c9d005045ef7699020aea7b68c680473423e119e54c862f1e14b577b003689d6b5cfaa1bfe20bd7c5
SSDEEP: 3145728:wy7Lu15hh4UMorphwh/vfKmQs9szr8gTUrGJyd6g:w4LurhWUri/qds9sz4WZu
Static task: static1
Behavioral task: behavioral1
Sample: zuhaowan_3.8.240608.1.exe
Resource: win11-20240611-en
Malware Config
Targets
Target: zuhaowan_3.8.240608.1.exe
Size: 123.0MB
MD5, SHA1, SHA256, SHA512, SSDEEP: same values as in General above (the task ran the submitted file itself)
Score: 8/10
Signatures
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes. On Windows this is done through the Add-MpPreference cmdlet (-ExclusionExtension, -ExclusionPath, -ExclusionProcess); anything excluded this way is no longer scanned, so check which paths and processes were excluded before deciding what else the sample may have dropped unscanned.
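The following is an added example, not part of this report or of the analysed software. It shows the check an analyst would run over process-creation command lines from the sandbox (or from Sysmon/4688 logs on a real host) to surface the behaviour this signature describes: PowerShell adding Defender exclusions, including when the script is hidden behind -EncodedCommand. The cmdlet and parameter names (Add-MpPreference, Set-MpPreference, -ExclusionPath, -ExclusionExtension, -ExclusionProcess, -DisableRealtimeMonitoring) are Defender's real ones; the log lines, PIDs and the encoded payload are constructed for the example.

```python
import base64
import re
from dataclasses import dataclass

# Added example, not code from the sandbox report or the analysed software.
# Scans (pid, command line) events for PowerShell weakening Windows Defender:
# Add-/Set-MpPreference with -Exclusion* parameters, or real-time monitoring
# being switched off. The sample events further down are constructed.

# powershell.exe accepts any unambiguous prefix of -EncodedCommand
# (-e, -ec, -en, -enc, ...); the payload is base64 of UTF-16LE script text.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")
# One Add-/Set-MpPreference statement, up to the next pipe, semicolon or newline.
STATEMENT_RE = re.compile(r"(?i)\b(Add|Set)-MpPreference\b([^;|\r\n]*)")
# Parameters that weaken Defender, followed by a quoted or bare value.
PARAM_RE = re.compile(r"(?i)-(Exclusion\w*|DisableRealtimeMonitoring)\s+(\"[^\"]*\"|'[^']*'|[^\s-]\S*)")


@dataclass(frozen=True)
class Finding:
    pid: int
    cmdlet: str
    parameter: str
    value: str


def decode_encoded_command(cmdline: str) -> str:
    """Replace a -EncodedCommand payload with its decoded script text.

    The command line is returned unchanged when there is no payload or the
    payload is not valid base64 / UTF-16LE.
    """
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        script = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline[: m.start()] + " " + script + cmdline[m.end():]


def find_defender_tampering(events):
    """events: iterable of (pid, command_line). Returns Findings in log order."""
    findings = []
    for pid, cmdline in events:
        text = decode_encoded_command(cmdline)
        for stmt in STATEMENT_RE.finditer(text):
            cmdlet = f"{stmt.group(1).capitalize()}-MpPreference"
            for param in PARAM_RE.finditer(stmt.group(2)):
                findings.append(Finding(pid, cmdlet, param.group(1), param.group(2).strip("\"'")))
    return findings


# Constructed payload: what an attacker would pass to -enc to hide the cmdlet.
ENCODED_PAYLOAD = base64.b64encode(
    "Set-MpPreference -DisableRealtimeMonitoring $true".encode("utf-16-le")
).decode("ascii")

# Constructed process-creation events (pid, command line); the paths and
# process name only illustrate the shape of what the signature reports.
SAMPLE_EVENTS = [
    (4120, r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Program Files\zuhaowan' -ExclusionExtension .sys -ExclusionProcess zuhaowan.exe"'''),
    (4132, "powershell.exe -w hidden -enc " + ENCODED_PAYLOAD),
    (4140, 'powershell.exe -Command "Get-MpPreference | Select-Object ExclusionPath"'),  # read-only, must not alert
]

if __name__ == "__main__":
    for f in find_defender_tampering(SAMPLE_EVENTS):
        print(f"pid {f.pid}: {f.cmdlet} -{f.parameter} {f.value}")
```

The detector deliberately ignores Get-MpPreference, which only reads the configuration. It does not split comma-separated value lists or follow script blocks that build the cmdlet name dynamically; for those cases, the host-side confirmation is Defender's own event 5007 (configuration changed) in the Microsoft-Windows-Windows Defender/Operational log, which records the new exclusion regardless of how the command was obfuscated.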
Drops file in Drivers directory
Writes a file into the Windows drivers directory (%SystemRoot%\System32\drivers), the location kernel-mode drivers are normally loaded from.
ACProtect 1.3x - 1.4x DLL software
Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x). Packed code has to be unpacked before static analysis will show the real imports and strings.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system: on an MBR-partitioned disk the first sector holds boot code that runs before the Windows boot manager. Legitimate disk utilities also write this sector (to change the partition table or disk signature), so confirm that the boot-code bytes themselves changed before treating the write as a bootkit.
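As an added example (not part of this report or of the analysed software), the following Python parses a 512-byte MBR and compares a post-execution capture of sector 0 against a pre-execution baseline, so the analyst can separate a boot-code overwrite from a harmless partition-table or disk-signature edit. The layout constants are the standard MBR layout; both sectors below are constructed for the example and are not the sample's real MBR.

```python
import hashlib
import struct

# Added example, not code from the sandbox report or the analysed software.
# Parses sector 0 and diffs two captures of it. Both sample sectors below
# are constructed; the "infected" one just has its first bytes overwritten.

SECTOR = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code on a Windows-written MBR
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA
# status, CHS start, type, CHS end, LBA start, sector count
PART_ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature, non-empty partitions and signature check."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(sector)}")
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 is an empty slot
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": parts,
        "boot_signature_valid": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Say which region of the MBR changed between two captures of sector 0."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    first_diff = next((i for i in range(BOOT_CODE_END) if baseline[i] != current[i]), None)
    return {
        "boot_code_changed": before["boot_code_sha256"] != after["boot_code_sha256"],
        "first_changed_offset": first_diff,            # None when boot code is intact
        "disk_signature_changed": before["disk_signature"] != after["disk_signature"],
        "partition_table_changed": before["partitions"] != after["partitions"],
        "boot_signature_valid": after["boot_signature_valid"],
    }


def build_mbr(boot_code: bytes, disk_sig: bytes, entries) -> bytes:
    """Assemble a sector from its parts (only used to construct the samples)."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    table = b"".join(PART_ENTRY.pack(*e) for e in entries).ljust(64, b"\x00")
    return code + disk_sig + b"\x00\x00" + table + b"\x55\xaa"


# Constructed baseline: placeholder boot code, one bootable NTFS partition at LBA 2048.
NTFS_ENTRY = (0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
BASELINE_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb", b"\x12\x34\x56\x78", [NTFS_ENTRY])
# Constructed "after" capture: start of the boot code overwritten, table intact.
INFECTED_MBR = b"\xeb\xfe" + BASELINE_MBR[2:]
# Constructed benign change: only the disk signature differs (boot code untouched).
RESIGNED_MBR = BASELINE_MBR[:DISK_SIG_OFF] + b"\xde\xad\xbe\xef" + BASELINE_MBR[DISK_SIG_OFF + 4:]

if __name__ == "__main__":
    for name, cur in (("infected", INFECTED_MBR), ("resigned", RESIGNED_MBR)):
        print(name, diff_mbr(BASELINE_MBR, cur))
```

Take the baseline from the clean VM snapshot and the current sector from the VM after detonation (a 512-byte read of \\.\PhysicalDrive0 on Windows, or `dd if=<image> bs=512 count=1` from an offline disk image). The 440-byte boot-code cut assumes a Windows-written MBR, where bytes 440 to 445 hold the disk signature; on a GPT disk sector 0 is only a protective MBR and the same diff still tells you whether its boot code was touched.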
Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread hidden this way stops delivering debug events to an attached debugger, a common anti-debugging technique; when stepping through the sample, break on or patch this call before the thread is created.