General
-
Target
Ducksploit.exe
-
Size
268KB
-
Sample
240620-wrvhfavdlk
-
MD5
174ef6ee931aabec1028a2c79bafc2a6
-
SHA1
2972b2b8c3721dd168f9aadced265bbadaca3620
-
SHA256
7aa7702c1c339cf6b98a5252e381030ab42c31a211bd4beca62ccd803e327545
-
SHA512
42e6df8d33bdabf4789b58c957aea20121457aa342cd35205d86d2da9b4843e96f16263ded882f28d176c6ae5e3c997e59e4d9d86d4caae8c451c511475cf599
-
SSDEEP
1536:SJRfk8zrjK6oZKWAjSaOxvqW20l6r3qAn5nZC7yr:SJRulU7n5nD
Malware Config
Targets
-
-
Target
Ducksploit.exe
-
Size
268KB
-
MD5
174ef6ee931aabec1028a2c79bafc2a6
-
SHA1
2972b2b8c3721dd168f9aadced265bbadaca3620
-
SHA256
7aa7702c1c339cf6b98a5252e381030ab42c31a211bd4beca62ccd803e327545
-
SHA512
42e6df8d33bdabf4789b58c957aea20121457aa342cd35205d86d2da9b4843e96f16263ded882f28d176c6ae5e3c997e59e4d9d86d4caae8c451c511475cf599
-
SSDEEP
1536:SJRfk8zrjK6oZKWAjSaOxvqW20l6r3qAn5nZC7yr:SJRulU7n5nD
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-