General

  • Target

    c53cdca62beef131773c4dac2201ada2bd7e3ee2670be7a891ad382e2aa8a030

  • Size

    7.1MB

  • Sample

    220520-dhtknshegl

  • MD5

    3be0c5999c106fc87718e30c03337f5c

  • SHA1

    78b41358b27b6401badb5af5825e318d8368a78b

  • SHA256

    c53cdca62beef131773c4dac2201ada2bd7e3ee2670be7a891ad382e2aa8a030

  • SHA512

    623c01fa1a60e7d85abfcf6456a85ebc9132851cdb50aa8991c6dce697875512f01c8bd9369ad7f5ee2e0309435a12f52201d2b8fbebc558f67dd9d4cd408c64

Score
6/10

Targets

    • Target

      1.BAT

    • Size

      31B

    • MD5

      4e412f918f635a8eb8dbf85c1fc8d14c

    • SHA1

      1675787e9a46bb6c0039f4a10a17421214fe11b0

    • SHA256

      170a25c0a51c76a49868467844f87490e87e9ba0e8ae0e2ec65e3af343a25f2e

    • SHA512

      6d22e86b75289c67dba95c2a42e54d531e325719f8a0233e1971e64c119b4c64652e2051d48f5ad8580e097bdcfa821c02fc3ac80d90a1ee8243dd21d9e28ee2

    Score
    1/10
    • Target

      AFUEFI.exe

    • Size

      184KB

    • MD5

      27c60d9a6bc43f227e1e620759dc2529

    • SHA1

      926d1200c5cea5eb5e73b78506d8005ee177fff1

    • SHA256

      83ceb9388256b66eee86b0673bfcb52cb91448d30cc1398716d1b5da94cbeb62

    • SHA512

      474ab12aa476e4ec0a8364dbc37db40367f31cc1601745445291b642f8b89de0a67624c4b1fcae1be5d1d46d1112969deb6fb4e4d62b99689df9c0d34aad57d9

    Score
    1/10
    • Target

      HPUSBFW/DOS/COMMAND.COM

    • Size

      92KB

    • MD5

      17c1021dd38323dd3a558e334dc7aaf2

    • SHA1

      13fa1e00940a541c61d5f53c8ba9fb689595f6a3

    • SHA256

      931d25c31d04d61bb44394eeed1f64d4278d764a9eb7da4edf683d6893cb7006

    • SHA512

      9787d6f07eab719aa6ec919519d770755282aa196bf998d8e98f7d735e965228c7d94f6800b56dc0737babc5749312cdc899886ea73b6bf055d4f1fb3018f5ec

    Score
    1/10
    • Target

      制作纯DOS启动U盘刷新BIOS/DOS/COMMAND.COM (folder name translates to "make a pure-DOS bootable USB drive to flash the BIOS")

    • Size

      92KB

    • MD5

      17c1021dd38323dd3a558e334dc7aaf2

    • SHA1

      13fa1e00940a541c61d5f53c8ba9fb689595f6a3

    • SHA256

      931d25c31d04d61bb44394eeed1f64d4278d764a9eb7da4edf683d6893cb7006

    • SHA512

      9787d6f07eab719aa6ec919519d770755282aa196bf998d8e98f7d735e965228c7d94f6800b56dc0737babc5749312cdc899886ea73b6bf055d4f1fb3018f5ec

    Score
    1/10
    • Target

      制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe (file name translates to "HP USB drive format tool HPUSBFW 2.20.exe")

    • Size

      96KB

    • MD5

      f109b8ed3b703f7765eb7e1bc6975d29

    • SHA1

      05753b015d84d236e36c3aef40d9d22add05bf72

    • SHA256

      3e01af95f9b5b1b939b64241613fd91b2a738f66c5d1173df24e9e74faf1fc5e

    • SHA512

      580497f012a0045eb678373e53f6aad6709786e3aaf74a558384574edcd7c544152f9197264ba2c60c4d02c4dd8ce4e978291ae7ee9477ffaccb2b162d34dc1a

    Score
    6/10
    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments. For a USB format utility (the file name identifies it as HPUSBFW 2.20, the HP USB Disk Storage Format Tool) enumerating attached drives through the registry is also the normal way to build its drive list, so this hit on its own is weak evidence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Writing a boot sector is also exactly what a tool that prepares a DOS-bootable USB stick has to do (the folder it ships in is named "make a pure-DOS bootable USB drive to flash the BIOS"), which is why the 6/10 score rests on generic heuristics rather than on confirmed malicious behaviour. The check that settles it is to dump the sector that was written, confirm it went to the removable target and not to the system disk, and compare the boot code against a known-good DOS boot sector.

    • Target

      制作纯DOS启动U盘刷新BIOS/af10_bios/AFUDOS.exe

    • Size

      180KB

    • MD5

      26a7e328e3857c4bfa10a64f96f8ae09

    • SHA1

      c20c21b676e2197d3b9b46e4caa18e0cf6a95ef6

    • SHA256

      14aa11ca54970a7b8fff6b659e6a8ab95fe7c29d0fcb812fe9d5cc57ae02cc9f

    • SHA512

      ccf9bce5275a61de5d0a2bd41766d49c4f7bdbcf7e2b0bfd644c57b96d800d12e7411e1da73cd8653c041b5b0b8b49ee88914c709ca97d6f715a9372637e9693

    Score
    1/10
    • Target

      制作纯DOS启动U盘刷新BIOS/af10_bios/af10.bat

    • Size

      36B

    • MD5

      9b5ed50e42ffd28d2726ad29d3ba77e5

    • SHA1

      a99bd33e4e669eb6f051121be2322d992a1a8683

    • SHA256

      c5459799cb767e154c8ac4813f8d8560645f9ec484c6bc67200cd66c5bc6760d

    • SHA512

      570f8da4e2a8266fad628e247a9a0405bed9aba10ee1d5fe10d2829a03ab256265f821101177ac2ae19b0e0138aeefbfe66ce7b98b2c0940e869005e875fb8f2

    Score
    1/10
    • Target

      HPUSBFW/DOS1/制作纯DOS启动U盘刷新BIOS/HP优盘格式化工具HPUSBFW 2.20.exe

    • Size

      96KB

    • MD5

      f109b8ed3b703f7765eb7e1bc6975d29

    • SHA1

      05753b015d84d236e36c3aef40d9d22add05bf72

    • SHA256

      3e01af95f9b5b1b939b64241613fd91b2a738f66c5d1173df24e9e74faf1fc5e

    • SHA512

      580497f012a0045eb678373e53f6aad6709786e3aaf74a558384574edcd7c544152f9197264ba2c60c4d02c4dd8ce4e978291ae7ee9477ffaccb2b162d34dc1a

    Score
    6/10
    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments. This is the same binary as the other HPUSBFW 2.20.exe entry (identical MD5/SHA1/SHA256/SHA512), so the same caveat applies: a USB format tool enumerating drives through the registry is expected behaviour.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. For a tool whose purpose is to create a DOS-bootable USB drive this write is expected; verify that the destination was the removable drive and that the boot code matches a known-good DOS boot sector before treating the hit as malicious.

    • Target

      HPUSBFW/DOS1/制作纯DOS启动U盘刷新BIOS/af10_bios/AFUDOS.exe

    • Size

      180KB

    • MD5

      26a7e328e3857c4bfa10a64f96f8ae09

    • SHA1

      c20c21b676e2197d3b9b46e4caa18e0cf6a95ef6

    • SHA256

      14aa11ca54970a7b8fff6b659e6a8ab95fe7c29d0fcb812fe9d5cc57ae02cc9f

    • SHA512

      ccf9bce5275a61de5d0a2bd41766d49c4f7bdbcf7e2b0bfd644c57b96d800d12e7411e1da73cd8653c041b5b0b8b49ee88914c709ca97d6f715a9372637e9693

    Score
    1/10
    • Target

      HPUSBFW/DOS1/制作纯DOS启动U盘刷新BIOS/af10_bios/af10.bat

    • Size

      36B

    • MD5

      9b5ed50e42ffd28d2726ad29d3ba77e5

    • SHA1

      a99bd33e4e669eb6f051121be2322d992a1a8683

    • SHA256

      c5459799cb767e154c8ac4813f8d8560645f9ec484c6bc67200cd66c5bc6760d

    • SHA512

      570f8da4e2a8266fad628e247a9a0405bed9aba10ee1d5fe10d2829a03ab256265f821101177ac2ae19b0e0138aeefbfe66ce7b98b2c0940e869005e875fb8f2

    Score
    1/10
    • Target

      HPUSBFW/HPUSBFW.exe

    • Size

      132KB

    • MD5

      70bfc665ab6518b4981a328837343f00

    • SHA1

      d6d0e7b956f82e6bf793488e6c789a7d0dc86e1d

    • SHA256

      5ed8d7188bcce496f545b044269e30955982b6cdf7fdb59779254a2c04394d09

    • SHA512

      7ee22250758925ede7834c3b1fe9db7facac6a60ad7da2666b1fe82027faab0da31614e8f53eb71d9c3d7eab71d558aa5d703a8143611ed5d2012f92c50baefe

    Score
    3/10
    • Target

      manual.docx

    • Size

      512KB

    • MD5

      48f9b5e18c5f9cc30e78de66950710a6

    • SHA1

      e286e4644c2f0ead02f499ca50f672f232ed003b

    • SHA256

      b2762afba9d5e982cd8f131b21ed03e01b89363406217f0f819adfaccca108bb

    • SHA512

      e904fe44d1a257ece21d625848c7c184e16c8ee452fe3bc3c834e74eedc2941f34082551af697bc7e89d30734d53131c5c50bf1c94080851c3568e7fc253b513

    Score
    4/10

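Both "Writes to the Master Boot Record (MBR)" hits above come from the same HPUSBFW 2.20 binary, and the way to resolve them is to inspect the sector it wrote rather than trust the heuristic. The following is an added example, not part of the sandbox report and not code from HP's tool: it parses a captured 512-byte MBR (boot code, disk signature, partition table, 0x55AA signature) and returns a triage verdict by comparing the boot-code hash against a caller-supplied allow-list of known-good boot sectors. The sample sector built by `build_sample_mbr()` and the empty allow-list are constructed for the demonstration; to use it on a real capture, read the first 512 bytes of the device or disk image and fill `known_good_sha256` with hashes taken from clean DOS/Windows boot sectors.

```python
"""Inspect a captured 512-byte MBR and decide whether the boot code is a
known-good DOS boot sector or something that needs a closer look.

Added example; not part of the sandbox report or of the HPUSBFW tool.
The sample sector and the reference hash set are constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # 0x000-0x1B7: boot code; hashed without the per-disk
                           # signature so the same code matches across disks
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature (2 reserved bytes follow)
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte legacy MBR partition entry (CHS fields ignored)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code, disk signature, partition table and 0x55AA."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    boot_code = sector[:BOOT_CODE_LEN]
    entries = [parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:
                                            PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    return {
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_blank": not any(boot_code),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": [e for e in entries if e["type"] != 0],   # skip empty slots
    }


def classify_mbr(sector: bytes, known_good_sha256: set) -> str:
    """Triage verdict for a sector that a sandbox reported as an MBR write."""
    info = parse_mbr(sector)
    if not info["boot_signature_ok"]:
        return "no-boot-signature"      # not a valid MBR at all
    if info["boot_code_blank"]:
        return "blank-boot-code"        # partition table only, nothing executes
    if info["boot_code_sha256"] in known_good_sha256:
        return "known-good-boot-code"   # matches a reference DOS/Windows MBR
    return "unknown-boot-code"          # disassemble/diff before trusting it


def build_sample_mbr() -> bytes:
    """Constructed sample: a short boot-code stub plus one bootable FAT32 (LBA)
    partition, the shape a DOS-bootable USB stick would have."""
    sector = bytearray(SECTOR_SIZE)
    stub = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # cli; xor ax,ax; mov ss,ax; mov sp,7C00h
    sector[:len(stub)] = stub
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)
    # status 0x80 (bootable), type 0x0C (FAT32 LBA), start LBA 63, 1,000,000 sectors
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x0C, b"\xfe\xff\xff", 63, 1_000_000)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    print(classify_mbr(mbr, known_good_sha256=set()))
    print(parse_mbr(mbr))
```

The verdict "unknown-boot-code" is the expected result for any sector not yet in the allow-list; it means "compare before trusting", not "malicious". Hashing only the first 440 bytes is deliberate: Windows writes a per-disk signature at offset 0x1B8, so hashing the full 446 bytes would make the same boot code look different on every disk.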
MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Persistence       Bootkit                        2      T1067
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 4      T1012
  Discovery         Peripheral Device Discovery    2      T1120
  Discovery         System Information Discovery   4      T1082

  The matrix uses ATT&CK v6 identifiers. T1067 (Bootkit) was retired in later versions; the technique is now T1542.003 (Pre-OS Boot: Bootkit). The two Bootkit counts correspond to the two copies of HPUSBFW 2.20.exe, and the registry and device-discovery counts to the same binaries enumerating drives.