General
- Target: Winpoison.exe
- Size: 1.2MB
- Sample: 240810-wdrjmazgkr
- MD5: be12096cef9070ae798a5af8d9fcad51
- SHA1: 63076c2c2e71b884486b9d7844e4d0e5b04bbaef
- SHA256: f0eb7ad85621ef094e965c8fc1d8d21d2cd66ff2bcb2263d0a035c26647916f8
- SHA512: 5092b069d86c56ac554845c91e6bd928fb4e597207e5885e707751de701aff7231e0de7168b97521a7b356835700f1f15c13dab30cca2b1be1582238fdff574e
- SSDEEP: 12288:vmB+MU2pN1sj7faqMIROTRVNB/CBSe/ivi3Q0PEJViXhRZvHmm/7CxrWd6TQBoIr:JMU2pN1sj7faqM59CPEJIZvGfQBR
Static task: static1
Behavioral task: behavioral1 (Sample: Winpoison.exe; Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: Winpoison.exe; Resource: win10v2004-20240802-en)
Malware Config
Targets
- Target: Winpoison.exe
Score: 8/10
- Possible privilege escalation attempt
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
-