General
-
Target
hwid-spoofer.exe
-
Size
266KB
-
Sample
240701-pr1acsvgml
-
MD5
322f7016ccf0835c39375dfc42370222
-
SHA1
701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
-
SHA256
9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
-
SHA512
82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
-
SSDEEP
6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8
Behavioral task
behavioral1
Sample
hwid-spoofer.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
hwid-spoofer.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
Target
hwid-spoofer.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-