General

Target: 5164354715287552.zip
Size: 7.1MB
Sample: 210302-1b1ba2l1d2
MD5: bd5fc7268220a1e675a30b4e094c3878
SHA1: 29e816744c6065d23f16e114896bebd5c32c2631
SHA256: 6de6f09e3eedcc6788dc0e82bd5151d7f1d60684da062753453ee8fc92ef9438
SHA512: 73b327c694680dd29c05aa1516898ec05df8b75fef576d8bd3a626caa864b28025503059872379343abb9109778e9514d477678dadae6ea35eef60686f8ace5b
Static task: static1

Behavioral task: behavioral1
Sample: 17af39b94d7b43990fddfb2a1f761e5d3cfc5cfb0ebbe1b92f586d8ab77ee2d1.dll
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 17af39b94d7b43990fddfb2a1f761e5d3cfc5cfb0ebbe1b92f586d8ab77ee2d1.dll
Resource: win10v20201028
Malware Config

Extracted URLs:
http://dhxx2phjrf4w5.cloudfront.net/v4/gtg/heartdisk_qm00013?action=mio.1
http://dhxx2phjrf4w5.cloudfront.net/v4/gtg/heartdisk_qm00013?action=mio.4
http://dhxx2phjrf4w5.cloudfront.net/v4/gtg/heartdisk_qm00013?action=mid.3
http://d2hrpnfyb3wv3k.cloudfront.net/provide?clients=131FE87CDBB64F6CF0472E3C44322407&reqs=visit.install
http://d2hrpnfyb3wv3k.cloudfront.net/provide?clients=131FE87CDBB64F6CF0472E3C44322407&reqs=visit.startload
Targets

Target: 17af39b94d7b43990fddfb2a1f761e5d3cfc5cfb0ebbe1b92f586d8ab77ee2d1
Size: 7.3MB
MD5: 0c935fa1f51f9d60e1fc1885a429e20c
SHA1: b2c968e2c465d12bb1db81b04a58125349df9086
SHA256: 17af39b94d7b43990fddfb2a1f761e5d3cfc5cfb0ebbe1b92f586d8ab77ee2d1
SHA512: 4cbcf97cd4b842f56ac82285cd0d21c8d140608c52ecc4076b43008dbe898cc2f9771b02de38e620fa043cc930d93fd454d41df6d3bb2991081d71e9cc6e495c
Score: 10/10

Signatures

Executes dropped EXE
Sets DLL path for service in the registry
Loads dropped DLL
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR so their code runs before the operating system loads, giving them persistence below the OS and below any security tooling that runs on top of it.
Drops file in System32 directory
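The MBR signature above records that the sample wrote to the boot sector but not how an analyst confirms the damage on the sandbox disk or on a suspect host. The following Python script is an added example written for this page; it is not part of the sandbox report or of the sample. It parses a 512-byte MBR, validates the 0x55AA boot signature, decodes the partition table, and hashes only the 440-byte bootstrap-code region, so the NT disk signature that Windows legitimately rewrites does not trigger a false alarm. Both sectors are constructed inline; the "infected" bytes are arbitrary filler standing in for a bootkit loader stub, not code recovered from this sample.

```python
"""Parse a 512-byte MBR sector and flag bootstrap-code tampering.

Added example for this report (not code from the sandbox or the sample).
The MBR sectors below are constructed for the demonstration; the
"infected" stub is arbitrary filler, not real bootkit code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440            # bytes 0..439: boot code
DISK_SIG_OFF = 440             # bytes 440..443: NT disk signature (Windows rewrites this legitimately)
PARTITION_TABLE_OFF = 446      # four 16-byte entries, bytes 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition-table entry; the CHS fields are skipped."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Validate the sector and return its code hash, disk signature and used partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = [
        parse_partition_entry(sector[PARTITION_TABLE_OFF + 16 * i:PARTITION_TABLE_OFF + 16 * (i + 1)])
        for i in range(4)
    ]
    return {
        # Hash only the code region: the disk signature changes legitimately,
        # so including it would produce false positives.
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": [e for e in entries if e["type"] != 0],
    }


def bootstrap_modified(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches the known-good hash."""
    return parse_mbr(sector)["bootstrap_sha256"] != baseline_sha256


def build_mbr(bootstrap: bytes, partitions) -> bytes:
    """Assemble a constructed MBR for testing (padding, not bootable code)."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    disk_sig = b"\x11\x22\x33\x44" + b"\x00\x00"      # signature + 2 reserved bytes
    table = b"".join(partitions).ljust(64, b"\x00")
    return code + disk_sig + table + BOOT_SIGNATURE


# Constructed: one bootable NTFS (0x07) partition starting at LBA 2048.
NTFS_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                         b"\xfe\xff\xff", 2048, 204800)
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [NTFS_ENTRY])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootstrap_sha256"]   # record this while the host is known clean

# Constructed: a bootkit-style overwrite replaces the start of the boot code but
# leaves the partition table intact, so the system still appears to boot normally.
INFECTED_MBR = build_mbr(b"\xeb\x3c" + b"\x90" * 30, [NTFS_ENTRY])


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        info = parse_mbr(mbr)
        verdict = "MODIFIED" if bootstrap_modified(mbr, BASELINE_SHA256) else "matches baseline"
        print(f"{name}: bootstrap {verdict}; partitions={info['partitions']}")
```

On a live Windows host the same parser can be fed the first 512 bytes of the raw device, `open(r"\\.\PhysicalDrive0", "rb").read(512)`, which requires administrator rights, and compared against a hash recorded while the machine was known clean. Because a bootkit normally preserves the partition table so that the machine keeps booting, comparing partition entries alone is not enough; the bootstrap-code hash is what catches the overwrite.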