General
Target
ufsxpci.exe
Size
41.8MB
Sample
241014-dy342sxcnf
MD5
cc6cf30e86d774df9a3b3ffdc3f8c7ed
SHA1
ebad1a99ba436548a8115846e2ebae3b19b11c9c
SHA256
0c939890c3cbc24675e353eaa90f791f0f8d57d3bc40394c125cf54aa00a8fa6
SHA512
130daaba55d8c84b0afdca4681bd158da32ea1751c3a548a1c2223b00b3626212d440d027d50ef66533d4c67233c8cff3c2e6f9f640dc21336baed4c1b3a94bb
SSDEEP
786432:lYi145b7jnv4Gsfgcld7LiuChEuuh1qK9O7LsbEDhp8eHk:O7b7jnwpfxld4hCn9OPsbrP
Static task
static1
Behavioral task
behavioral1
Sample
ufsxpci.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ufsxpci.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
ufsxpci.exe
Score
7/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.

Suspicious use of NtSetInformationThreadHideFromDebugger