General
Target: Screenshot 2025-01-15 12.29.03 PM.png
Size: 772B
Sample: 250115-wv6pwazrav
MD5: 17645b73feca89196be2b3b9fda1af8c
SHA1: b1026b5b2a8ad8caa1734127deef61a72eef790b
SHA256: 536d41f75e7e710b96459a2b9eeb2cd926babb1d31faf2d9fdb8a2d2f0b54364
SHA512: d04e9e0ab3dda0b99a4340a3613b4d3f936587792fde302a37ab4792cd33dcc2dc7ea18e0d6454cee6c071e43df1ccdaf09681dac9007566b7a71f0efd90ea6b

Static task: static1
Behavioral task: behavioral1 (sample: Screenshot 2025-01-15 12.29.03 PM.png; resource: win7-20241010-en)
Behavioral task: behavioral2 (sample: Screenshot 2025-01-15 12.29.03 PM.png; resource: win10v2004-20241007-en)
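The report identifies the sample only by file name and digests. The following is an added example (not part of the sandbox report) for verifying a local copy before trusting the name: it recomputes the four digests listed above and checks whether the bytes are really a PNG (signature plus a CRC-valid IHDR chunk) or an MZ/PE executable, which is the header check a "Downloads MZ/PE file" signature keys on. All byte strings built by the helper functions are constructed test data, not the real sample.

```python
"""Static triage for a sample that carries a .png name.

Added example; the PNG and PE bytes produced by make_png()/make_pe_stub()
are constructed for testing and are not the sandbox sample.
"""
import hashlib
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def hashes(data: bytes) -> dict:
    """The same four digests the report lists, for matching a local copy."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def is_valid_png(data: bytes) -> bool:
    """True only if the data starts with the PNG signature followed by a
    well-formed IHDR chunk whose CRC verifies; a renamed file fails here."""
    if not data.startswith(PNG_MAGIC) or len(data) < 8 + 8 + 13 + 4:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    body = data[16:29]
    crc = struct.unpack(">I", data[29:33])[0]
    return (zlib.crc32(ctype + body) & 0xFFFFFFFF) == crc


def pe_info(data: bytes):
    """Return (machine, number_of_sections) when the data has an MZ header
    whose e_lfanew points at a 'PE\\0\\0' signature, otherwise None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, num_sections = struct.unpack_from("<HH", data, e_lfanew + 4)
    return machine, num_sections


def classify(data: bytes) -> str:
    """Coarse type by content, ignoring the file name entirely."""
    if is_valid_png(data):
        return "png"
    if pe_info(data) is not None:
        return "pe"
    if data[:2] == b"MZ":
        return "mz-stub"        # MZ magic but no valid PE header behind it
    return "unknown"


def make_png(width: int = 1, height: int = 1) -> bytes:
    """Constructed minimal PNG header (signature + IHDR) for testing."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    chunk = b"IHDR" + ihdr
    crc = zlib.crc32(chunk) & 0xFFFFFFFF
    return PNG_MAGIC + struct.pack(">I", 13) + chunk + struct.pack(">I", crc)


def make_pe_stub(machine: int = 0x8664, sections: int = 2) -> bytes:
    """Constructed MZ header + PE signature + 20-byte COFF header, nothing more."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew -> right after header
    coff = struct.pack("<HHIIIHH", machine, sections, 0, 0, 0, 0, 0)
    return bytes(hdr) + b"PE\0\0" + coff
```

Run `classify(open(path, "rb").read())` on the local copy; a result other than "png" for a file that the sandbox saw download and execute a PE is the expected outcome, and `hashes()` confirms the copy is the one the report analysed.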
Malware Config

Targets
Target: Screenshot 2025-01-15 12.29.03 PM.png (772B; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 8/10
Signatures triggered:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.

Note that the sample itself is only 772 bytes, far too small to carry a PE, so the executable it runs is fetched at run time (the download and dropped-EXE signatures), and the .png name says nothing about the content; the MZ/PE detection keys on header bytes, not the extension. The MBR write is the finding that matters for containment: a host that ran this sample should have sector 0 of its boot disk compared against a known-good copy before it is trusted to boot again.
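For the "Writes to the Master Boot Record (MBR)" finding, the practical check during response is to image sector 0 of the affected disk and diff it against a known-good baseline, keeping the boot code separate from the partition table so that a bootkit-style overwrite of the boot code is not confused with ordinary repartitioning. The following is an added example, not from the sandbox report; the 512-byte sectors it builds with make_mbr() are constructed test data, and the baseline is assumed to come from a clean image of the same disk.

```python
"""Diff a captured MBR against a known-good baseline.

Added example for the MBR-write finding; every sector here is constructed
with make_mbr() and is not data from the analysed host.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 are boot code; disk signature follows
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
SIG_OFF = 0x1FE           # 0x55AA boot signature


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot-code hash, disk signature, partitions, 0x55AA."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xAA",
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings as strings; an empty list means sector 0 is unchanged.
    A boot-code change is the bootkit indicator; a partition-table-only
    change is more likely legitimate repartitioning and is reported separately."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing: disk may no longer boot")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code modified (bytes 0-439): bootkit-style MBR write")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def make_mbr(boot_code: bytes, partitions=(), disk_sig: int = 0x12345678) -> bytes:
    """Constructed MBR for testing: boot code padded with zeros, entries given
    as (bootable, type, lba_start, sector_count), then the 0x55AA signature."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0, ptype, lba, count)
    sector[SIG_OFF:SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)
```

On a live system the current sector comes from the raw disk (for example `\\.\PhysicalDrive0` read with 512 bytes on Windows, or `dd if=/dev/sda bs=512 count=1` on a mounted image); the baseline should be a copy taken from a clean image of the same disk or the same imaging template, since boot code differs between Windows versions and disk tools.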