General

  • Target

    3364d476259221501252167627d3d9ae1bd0b488c4e68343593d94fea37a71ec

  • Size

    5.0MB

  • Sample

    220520-drkzwsaabr

  • MD5

    2747aa7b8dd712fdc6e2baeb9fa7b708

  • SHA1

    50d2875a2dcb62ab3ee2af662f804747f2e92dfb

  • SHA256

    3364d476259221501252167627d3d9ae1bd0b488c4e68343593d94fea37a71ec

  • SHA512

    83be96162542d7e35eb4b429b62c245264dcc14f4191b84a1973855a01854ac6c14858499cb879f0a02b145b221f97d30faecdf25f8079b60fa223fae2bb6c00

Malware Config

Targets

    • Target

      3364d476259221501252167627d3d9ae1bd0b488c4e68343593d94fea37a71ec

    • Size

      5.0MB

    • MD5

      2747aa7b8dd712fdc6e2baeb9fa7b708

    • SHA1

      50d2875a2dcb62ab3ee2af662f804747f2e92dfb

    • SHA256

      3364d476259221501252167627d3d9ae1bd0b488c4e68343593d94fea37a71ec

    • SHA512

      83be96162542d7e35eb4b429b62c245264dcc14f4191b84a1973855a01854ac6c14858499cb879f0a02b145b221f97d30faecdf25f8079b60fa223fae2bb6c00

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

2
T1082

Tasks