General
-
Target
Hiren's.BootCD.9.9.iso
-
Size
178.2MB
-
Sample
240630-hdazzsvard
-
MD5
9b797871bab60ebe80363a26d167b0a4
-
SHA1
717d2f58f5a4c07417c526e80a7373a972f164e4
-
SHA256
6b9b0c2be545dc060c19760fb7437a2661c50797797faa167a4b00a9236d4f29
-
SHA512
606319f733c061c3ee0a4239046410c9a39a744c41199b89b2910188136f3a677b5b5fba7218d6b706c0dce618b632acb61d3902ada51f886d5675a173691e73
-
SSDEEP
3145728:XWX5lDyn8yv3zS9t97aun6RhooaZ7w1FKoAp6wHzAsWZcwXTxsPOjMPeW:XWXbDynN3zmt9J4ooaBwrXAp6wHzgZ3C
Behavioral tasks (task: sample, resource)
behavioral1: HBCD/WinTools/7Zip.bat, win7-20240508-en
behavioral2: HBCD/WinTools/7Zip.bat, win10v2004-20240508-en
behavioral3: HBCD/WinTools/AsteriskLogger.bat, win7-20240611-en
behavioral4: HBCD/WinTools/AsteriskLogger.bat, win10v2004-20240611-en
behavioral5: HBCD/WinTools/AutoRuns.bat, win7-20240611-en
behavioral6: HBCD/WinTools/AutoRuns.bat, win10v2004-20240508-en
behavioral7: HBCD/WinTools/Autorun.exe, win7-20240419-en
behavioral8: HBCD/WinTools/Autorun.exe, win10v2004-20240508-en
behavioral9: HBCD/WinTools/CCleaner.bat, win7-20240220-en
behavioral10: HBCD/WinTools/CCleaner.bat, win10v2004-20240611-en
behavioral11: HBCD/WinTools/CPUz.bat, win7-20231129-en
behavioral12: HBCD/WinTools/CPUz.bat, win10v2004-20240508-en
behavioral13: HBCD/WinTools/CPorts.bat, win7-20240221-en
behavioral14: HBCD/WinTools/CPorts.bat, win10v2004-20240508-en
behavioral15: HBCD/WinTools/ComboFix.exe, win7-20240508-en
behavioral16: HBCD/WinTools/ComboFix.exe, win10v2004-20240611-en
behavioral17: HBCD/WinTools/ContentAdvisorPasswordRemover.bat, win7-20240611-en
behavioral18: HBCD/WinTools/ContentAdvisorPasswordRemover.bat, win10v2004-20240508-en
behavioral19: HBCD/WinTools/CoolWebSearch_Remover.bat, win7-20240419-en
behavioral20: HBCD/WinTools/CoolWebSearch_Remover.bat, win10v2004-20240226-en
behavioral21: HBCD/WinTools/DTemp.bat, win7-20231129-en
behavioral22: HBCD/WinTools/DTemp.bat, win10v2004-20240611-en
behavioral23: HBCD/WinTools/DefragNT.exe, win7-20240508-en
behavioral24: HBCD/WinTools/DefragNT.exe, win10v2004-20240611-en
behavioral25: HBCD/WinTools/DialAFix.bat, win7-20240221-en
behavioral26: HBCD/WinTools/DialAFix.bat, win10v2004-20240508-en
behavioral27: HBCD/WinTools/DisableAutorun.bat, win7-20240220-en
behavioral28: HBCD/WinTools/DisableAutorun.bat, win10v2004-20240508-en
behavioral29: HBCD/WinTools/DisableCompressOldFiles.bat, win7-20240508-en
behavioral30: HBCD/WinTools/DisableCompressOldFiles.bat, win10v2004-20240611-en
behavioral31: HBCD/WinTools/DoubleDriver.bat, win7-20240611-en
behavioral32: HBCD/WinTools/DoubleDriver.bat, win10v2004-20240508-en
Malware Config
Targets
-
-
Target
HBCD/WinTools/7Zip.bat
-
Size
89B
-
MD5
6fd295a4c32bca6f7d6b43ef35867b8c
-
SHA1
2fa26fb806c945e35b53aee40f186147b6965591
-
SHA256
16873933aedb621f9f495259a034a0d8225cb37e6a1b2133ac5277e43ae3c680
-
SHA512
d1e88801d2a46b835286e7494ff63d19001df1dd5f0a0e6ea9bae03bbb6c2f2eaacd08c6df5461ee10ccc3423d199dd0220b540fd7a945ffa14438fac3c3f1d3
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
HBCD/WinTools/AsteriskLogger.bat
-
Size
101B
-
MD5
7ef7c686018ac499743387a191b72d47
-
SHA1
925d6476874f791d3006de07f3c274dc363473fb
-
SHA256
47881a40db65e4c0b62f60614d2d7dcd31fbf8288f3e52e6bddcc6a437a690ec
-
SHA512
7a63b5a4ef554a006efdbe5209758d63feb73d674b033be351c4d5558e084debe93503737d6661f9191e0ccc6611147c31ccd3aa06ac3d77e6c56944b1cde2a0
Score 9/10
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/AutoRuns.bat
-
Size
177B
-
MD5
7c6ff63cf2cd3eebab87131b49e325bb
-
SHA1
aa29101b2b09470229b69000826085dc8e1575a1
-
SHA256
b03cbe7e13c4316a961968f22855b2e90becf7b9fb9464bdc57b0ef822ac2ba2
-
SHA512
6f77b22e2336a94ed8349517da0654f1e199334a7bbd974d1dee9f9098c676353e8679a32c6fdf1d24c4a04af4d0a1f40424ae870df509ba0555debd0e95e437
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/Autorun.exe
-
Size
11KB
-
MD5
e21919d9101c524bf8142f7dde33e4d6
-
SHA1
f3e48f3edf3a89042b2d99b212c207eef7780c47
-
SHA256
07282703984dd4ca2a0752c72e7b1518a1864f816ff49cc59434921305dec7df
-
SHA512
ced587b92d751892039fb45a8e18d2b20c18cc4eee6a586037bb457d4cbf433a0fa272255c6f8a12a747950966d3fd44e4c987377c9f17770a0aad0c22b99808
-
SSDEEP
192:gG9k28uq+N1Wkow4WiLuiJw6ooh7x5Ohx+tHMSGjRR1XL0A2xZ:3rqy1jiu6P7n1tsFAL
Score 7/10
-
-
Target
HBCD/WinTools/CCleaner.bat
-
Size
272B
-
MD5
feada6a65af0556e9893ad1b4267a12d
-
SHA1
793466b1af949ffee15667b98fba5397bda4f8be
-
SHA256
870a6bfe8e01fd8ac999a0a8e2fc1bef1bb7d6623f374628e74ff38782771f13
-
SHA512
20d36db000bd40b80535227edaa0714a1aa451497078d25f6a5828d7a1c303fe61e898d76f4c208b231e550e41f3d8c4028ae59efbe9ce47859d6f2bcd667b25
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/CPUz.bat
-
Size
87B
-
MD5
e73eb157659ef46d72009227c3272a3f
-
SHA1
504a463baf84aee01becd7ac0296e66c9caa3877
-
SHA256
b24d59a8861da7c9439138fbf84883a76e03dd00c494fccf30d73a86218e41d4
-
SHA512
91bbd67f8c964049604cad10dbac67a79258d90d7c4d04114084f6ffb8d0ae0f3556ff06dae6c991843f20a5ca7fad6e714b7fce7aedeab526dfc40c2e2ef319
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/CPorts.bat
-
Size
101B
-
MD5
3ae8e6870c06a7415b230dddd3997680
-
SHA1
c1ff9787d53a7bd64019db22801ec34c432a0161
-
SHA256
fa57e4e2b976fa05052f14af7d8e291fb15a09ad99d1b5eeb552de02875e83eb
-
SHA512
152fabd1b301069b7a5674c94aae2343b48e7db6581e280f20bdcb9266d1f43c0534ba504a08d1673347b3eba99c700c167c7b8e1e7f75707c43dcc58780dbbb
Score 9/10
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/ComboFix.exe
-
Size
2.9MB
-
MD5
14b582165769a58e64a74e007e7a2e3e
-
SHA1
ddb5384c93794f0aca59c6d0b384a19028189076
-
SHA256
ac5700575a0776c7ac6bb2b2fdcd7ea9e2914cfd9ac72dd6d191557aa0479892
-
SHA512
94079cb6c72991bf6f50ca138136ff9a88302e26239d06e34a39c9df0a736aa3869974b027e1edf12776da9fb743d682384d32d1ce5c1100e34381e283190ccd
-
SSDEEP
49152:N/cX0+PRzFKDSiNUiVjHhAb5QgDmV/fK0fXU51/Mr84almQAG61ZdwJ0:aJp2+iNCFDo/V/wEYlmeSO0
Score 9/10
Nirsoft
-
Disables RegEdit via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
HBCD/WinTools/ContentAdvisorPasswordRemover.bat
-
Size
105B
-
MD5
a2c4cb3f9f4a6a0a7a9a25ae2cb9e6b3
-
SHA1
522dca9ecafe66612808982640ce89fe3b8f6cc2
-
SHA256
9b7619aa1966f1765dd7b271881fff2a21fa446fd8f0ea29281df7809807ad2d
-
SHA512
21c172f4afcc5a86d35646971c43453d4e08d3dac94e7f65bd7de1b094f674ab56b86eaa2fcab55b44d42bae5f4b930742066dfcf3097eec5c3d98134e3230d1
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/CoolWebSearch_Remover.bat
-
Size
93B
-
MD5
88f0fbf67a25934e60aed5530797f64c
-
SHA1
e3b723e43da79b225d8976c80d2ad3aa3113947f
-
SHA256
3b3390fc5e29bb0843d948ceed046acaa691dd117166ba463af972ed0494cfcf
-
SHA512
618b6b925187a4a1c083cdeb5e86d378c02874427bfb208b43c6d825c00c23783675bc35d059218cccf9ba5b38b8282dd0ab11facb1f30e98f5bc8d0661bf65c
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/DTemp.bat
-
Size
96B
-
MD5
df678211f71a4c06492c718da2e8f09f
-
SHA1
b280a8e803553671b05892b8949fd67ec61dfd89
-
SHA256
a290facbfb11a3554ce2c2dc3e0be3ef3dd771ffaa28ee79fc6dcdd24d074590
-
SHA512
323d16076685f079f323764565a2244eb0246928e8e298f5be2d61db4ac8924f79d70a58a6c0092a01cc78cfec43c74aac6a926db5a0deca049a9fca5896ade5
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
HBCD/WinTools/DefragNT.exe
-
Size
35KB
-
MD5
3f23fb57818666666879b67b00679b0a
-
SHA1
58d2d99f833878efbf7c9cf8c8cde8f784470fd6
-
SHA256
f9e535431bafbd70b1a0f321262f0b8763fad5aa2442430033ff33dccceee207
-
SHA512
e08dc0226205b71628cabfda8628b012b8f9a2b6cb9bcda6e7d5fc4e5587725e2a1b46aa0bf1a49e2abdc15f3384388b42385c69211c9e6855c01489a11c599d
-
SSDEEP
768:SJfkEnJs4e+rfZrpw4zousA/wTnCR8Qq2ZmF9:SDXfZqMoo4TCR8x2Zg
Score 7/10
-
-
Target
HBCD/WinTools/DialAFix.bat
-
Size
95B
-
MD5
a9c98bbda5bbd20f48fc57795784caeb
-
SHA1
8b27ccb07a220c9703775c3bbe31ff56fdb7d4e8
-
SHA256
86b2ead4191abaabdc5543de1fc355677caa0e0605b4f98ab87554ac046cf555
-
SHA512
3cb0b17f87e1c486c6dad121b78a316e3a70570fb365cb4d28d89f1419043353d2620e1ef2d8dea650eebb94969ca7cd98850a1263143ab6783d90e9a4c3b8cd
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
-
-
Target
HBCD/WinTools/DisableAutorun.bat
-
Size
307B
-
MD5
a4feb1d16f5031e391ccca59bf910070
-
SHA1
ac3815e55f04fe0bd6c32f49bb0d25a382bf51c4
-
SHA256
f2e1602fc44c1dec54c81ac584222405bd3d4d8209dd751e9d608334379fe000
-
SHA512
6bbc4f9b1fb87806464fea8279cd59bced681164f34544e5c1fa591e3e54b20f48f14edfb115978546d59ea7d928d59edaf97bb3ab895201d8eca3a33c4112ca
Score 1/10
-
-
Target
HBCD/WinTools/DisableCompressOldFiles.bat
-
Size
280B
-
MD5
0741bc520a918d9e2af36404c088f380
-
SHA1
23d5d362d2f46c73e80bdd130f7720d918f07175
-
SHA256
35b0d4a202a43e594d729bc596afd96822c6c758644e9d3596c42e2940487e60
-
SHA512
b04964645119315800b966744a43f2842b02175fcb40bbdf9f100079b0ff9c0dcc79676aa08d48f2e825c883b89fdb070e591c4c7b8d1099bc523911f206dd68
Score 1/10
-
-
Target
HBCD/WinTools/DoubleDriver.bat
-
Size
103B
-
MD5
6dcab38b0b1b4deddb821e0612d10ee8
-
SHA1
faf6f59a576bbf5a00e6f2f911699ccf3ff6bb03
-
SHA256
58ca014d86aa27775f7221a8b6e5de9898d6f3bdfd0b0d7788b354e02d54511d
-
SHA512
d1aed5721feba12d2c931d60328fcc2abe698cd996a009ac5e136d8c6a195ae2bff829b2bfc3d3779dca09cebf861d8aef00f4e0292fe7292e211771044af79a
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Event Triggered Execution (1)
  Change Default File Association (1)
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Pre-OS Boot (1)
  Bootkit (1)