General
-
Target
6月份核实工资报表&g._xlsx.exe
-
Size
93KB
-
Sample
240709-ltzvtszfna
-
MD5
7c201d4554ab1c2bff66d1793c7d4956
-
SHA1
95ab7b72c873f572cfd46aab2ea3e3ed2a7732c9
-
SHA256
6c3e5e6f31bff22b33ed16a4ad86f3465ecce6797af13937175bf36f12f3d9d1
-
SHA512
78fc2732abc194e6d7a3bf83dd0c101ee797b7ae1caa6db637476511780a8ff739156fcd8f3a35cc5d50645867e67e802d5b5639b17c234e61a8a75b14369a3c
-
SSDEEP
1536:as0BXpNBopYHq5zFnWY+ADgHdQzBv2JMtxSDmz/Zw+0VLPdQ7q0a:a/XDSpYHq5zFL+AD0dsB8MtEKz/EVLPB
Malware Config
Targets
-
-
Target
6月份核实工资报表&g._xlsx.exe
-
Size
93KB
-
MD5
7c201d4554ab1c2bff66d1793c7d4956
-
SHA1
95ab7b72c873f572cfd46aab2ea3e3ed2a7732c9
-
SHA256
6c3e5e6f31bff22b33ed16a4ad86f3465ecce6797af13937175bf36f12f3d9d1
-
SHA512
78fc2732abc194e6d7a3bf83dd0c101ee797b7ae1caa6db637476511780a8ff739156fcd8f3a35cc5d50645867e67e802d5b5639b17c234e61a8a75b14369a3c
-
SSDEEP
1536:as0BXpNBopYHq5zFnWY+ADgHdQzBv2JMtxSDmz/Zw+0VLPdQ7q0a:a/XDSpYHq5zFL+AD0dsB8MtEKz/EVLPB
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-