General
-
Target
Rutherfordium.exe-main.zip
-
Size
668KB
-
Sample
240810-zrrnbssanh
-
MD5
d078268bfd50180e2f202222d43374d8
-
SHA1
5a1d76d6fb5d892565a8c106ddb5fbc37d028bad
-
SHA256
859f7ff63811ac93eb9d8ed44893a52e216c03a6cd6dadc464c538894491d235
-
SHA512
669074121ea0f492f1636b6aefa71cb767d547cca85087da41a0022a9346d6d73b3c48cb3ec537848c7dcc638fe5f2cba806b13f73d1f10641039cfa5727f104
-
SSDEEP
12288:Gvj6aCBignmbochSRa5D3OzOYYi7io1b4DJUvjuhdrr+Pmgn6ENrMgJX:861U5ovRiOzOY96WjuDrrRYrMO
Static task
static1
Behavioral task
behavioral1
Sample
Rutherfordium.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
Rutherfordium.exe
Resource
win11-20240802-en
Malware Config
Targets
-
Target
Rutherfordium.exe
-
Size
263KB
-
MD5
bbb9f19a08712300e0b9afddf1aecb5d
-
SHA1
0e0778cb6b0396fe98a01772f8cbb3129dfd971a
-
SHA256
368234de5fb9ea1a242dd22857156ddd2e6f3fa068a78199a3a2606996cf2e82
-
SHA512
20d7bbb4c92c11be620268d259d06b0fc9a31dc6924e84fb88671cc9be6bc35ff0949a2291da5ab3d21980689545c2c6c5996b079c50e5400f0f4a454bc879b5
-
SSDEEP
6144:9wI1Kh0w+FEf4fLAyaTG4Q4fl951KSjjm7MMWsOW:hwBAfLsGVg7jOT
Score
8/10
-
Disables Task Manager via registry modification
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-