General
Target: 199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa
Size: 7.4MB
Sample: 241111-yp5lqsykck
MD5: d34063e6e56c9a390644ccf674933eb0
SHA1: b6dc56b2f9d3cacc2c614419212bb2d2af1ea270
SHA256: 199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa
SHA512: a52d798e7338b21ecc40c034548ff194ced75848d1d9ff6c5542eed2dc7142a44c6802b45c3da66263ef053f561ee90912f0901ecbb04d9c1dfaa8827a7a697c
SSDEEP: 196608:9DrJqt+meippi3yokKovdU1FVQqfwAS4O+iX:93megkBGU1AyS/X
Static task: static1
Behavioral task: behavioral1
  Sample: 199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger