General
-
Target
Easy2Boot_v2.20.exe
-
Size
34.7MB
-
Sample
241109-vva3jaxpaw
-
MD5
3d55a27b98c865644997f858902715b6
-
SHA1
b971af5cbe2c2dd032b04709731fb64759ad371c
-
SHA256
16236aa5bdfc6a7e130240bcdd28c35fa63a75828298874a90cf246f7580757f
-
SHA512
22f9948900cf6ff836143620c7f40d956b2a694c099794c9bfd868570a658d7307273fea2d4bbde930401268592453c0b895aef8f2a3ac6b585c91e57c1970ac
-
SSDEEP
786432:zJsJLYHT5sAsu/4RcMF7gYG8rLbPCi5dmm14nW0X9LWsP/:VM05sp+4mMpgYn6iXmaw9LW8/
Static task
static1
Behavioral task
behavioral1
Sample
Easy2Boot_v2.20.exe
Resource
win7-20240708-en
Malware Config
Targets
-
-
Target
Easy2Boot_v2.20.exe
-
Size
34.7MB
-
MD5
3d55a27b98c865644997f858902715b6
-
SHA1
b971af5cbe2c2dd032b04709731fb64759ad371c
-
SHA256
16236aa5bdfc6a7e130240bcdd28c35fa63a75828298874a90cf246f7580757f
-
SHA512
22f9948900cf6ff836143620c7f40d956b2a694c099794c9bfd868570a658d7307273fea2d4bbde930401268592453c0b895aef8f2a3ac6b585c91e57c1970ac
-
SSDEEP
786432:zJsJLYHT5sAsu/4RcMF7gYG8rLbPCi5dmm14nW0X9LWsP/:VM05sp+4mMpgYn6iXmaw9LW8/
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-