General
-
Target
ballbasketball.jpg
-
Size
6KB
-
Sample
240630-25shwsycnc
-
MD5
a63ca08893b39a8b4e253360b8f8a729
-
SHA1
7ba7675c1cf7de75c8ec62de081b3bc6bbc77997
-
SHA256
668d65c5ddc7c35064266956e1a0ce02926309bac03bb1887dc0238867afc4c9
-
SHA512
488e8872a80f734b0ec0fe7f86918658a92bc8e98b052a23f839aa0c7c98af8a40820555022519f77b19b487e734df2d09d9a141ba951234bac615aad4980502
-
SSDEEP
96:4ptRddxPEriD6z7Hd4FcawfRkEHs8q7dasq6LlVJz4Y6DPaRI+mprpr6tJdBXF+Q:4DRdfuu6z0hKkEHs8iqilVouBq0h
Static task
static1
Behavioral task
behavioral1
Sample
ballbasketball.jpg
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
ballbasketball.jpg
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-