General

  • Target

    21d376f0ec63236e590e58add44c00647588fdeb52b59f34efa43d5219520fb4

  • Size

    616KB

  • Sample

    220520-e9w1jsdbaq

  • MD5

    87e30ba93b9ebff6e00c0a802530e5fe

  • SHA1

    e54d3e6f3f7033b03db038a6ea43192e26c7792e

  • SHA256

    21d376f0ec63236e590e58add44c00647588fdeb52b59f34efa43d5219520fb4

  • SHA512

    5471ca2af9c61913cd5449a9d49d275a4bcdcc042e109a66e077a57a989bdf9e7a153c6c9ba8837d03927e8177d4e66245f290b83f2c3dc92793f66e210c2bef

Malware Config

Targets


    • Office macro that triggers on suspicious action

      Office document macro that runs only under specific circumstances (for example on document open or close, or on a particular event), a behaviour that is frequently malicious.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Bootkit (T1067): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature

  • Discovery

    Query Registry (T1012): 2 signatures

    System Information Discovery (T1082): 2 signatures
