General

  • Target

    461d83b68c5b7afb97eb2a9f21c4622b7b5250a3cd6bab01bde492349f9ecb46

  • Size

    773KB

  • Sample

    220520-fhwfdaagd5

  • MD5

    4ae59507f1190401a3551ef2f9f0a2f4

  • SHA1

    cfbb91301243a8bfabba8ceb1d0f7637499cd31e

  • SHA256

    461d83b68c5b7afb97eb2a9f21c4622b7b5250a3cd6bab01bde492349f9ecb46

  • SHA512

    c2abda12ad75207df506d50cd57fef7b56dc28429f3e5a6751d9c872a0d2b0424b15d38950322edc42b9c57283ddce58d728e26f3c1dca9ac6cad35ed9f40b2e

Malware Config

Targets

    • Target

      DSDOS.BAT

    • Size

      23B

    • MD5

      2ddfed534c85360f45d2c41d51f84a01

    • SHA1

      894032ef47e551935a6a1cfb3ff177f6fc5b007b

    • SHA256

      402228d89d7aa58aea067449a892748e9d639518b6f969279691dfbb4d64f15e

    • SHA512

      ea3cf0b30ced9ce0cd01fa91a5a28967984ad96fc93e0a76bc826bb30fbd42f46b316e24f0f85c931ce993d3f8c1c2254c6385e2a3a44f4bdb9c0ab9fe53a331

    • Score

      1/10

    • Target

      DSDOS.EXE

    • Size

      214KB

    • MD5

      55314674b0ced3139056828319cf284e

    • SHA1

      80ce682c9b20f6f6638434a11bc02009997905ed

    • SHA256

      b45094a8820a2959961fbd1342eb0e4d5fff7574e757eef685b93f0cdb336cbe

    • SHA512

      199f471efa9e02cebd5ba663b221b1d62eaeff7135247e4bb7561aa143e184addd8b0cd8bde15c1fe7f61e3c0f81ea9b5bcc0b6b8b31bf9b9d503d629376bd53

    • Score

      1/10

    • Target

      DSWIN.BAT

    • Size

      23B

    • MD5

      a07cec4db198a3c6116451c44f0380a9

    • SHA1

      513e3f7454296dc6a41864835582c21ff1d931aa

    • SHA256

      98286d0be9363406f2d9cc903265b10601f1332fc800e7a5de578b39bee5d29d

    • SHA512

      e69eb4059212636755206b9e6de488bace276a2af51af147ff3b57bfbe129eac82c68da7a70a827cf256693d7f9c5892a4ad3850dbc09c0f0d11ebf70c82aec0

    • Score

      6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      DSWIN.EXE

    • Size

      1.5MB

    • MD5

      a790e22c9f0a53719daee116f0da2b60

    • SHA1

      ced86c613a7c5f171788ca38eafb9085f2643229

    • SHA256

      36b65013b08b08b1dcf2aa2c73ccba772bdf33a809e91d4642c89955ac4b9f0e

    • SHA512

      834929d198ab0613cfb786e13e0f307032f13bdc47131e9358efc4c0bbc8ffc10aa2a12efd539d0f6336b4b6e21534811a3747be4f04df6abea09c1df613b7be

    • Score

      6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      MANUAL.PDF

    • Size

      36KB

    • MD5

      3e6dce3b491f099937b846a1b2e19a48

    • SHA1

      67b3eb93b31c808656c5ed639bc883463c93f496

    • SHA256

      231ad844eb6ef9d044a25b95d8e6d0a76be44d0efd6f5927c3391b24569c8d88

    • SHA512

      ecc29706130e32bf276dcc0ee18c3e3141c0ad726983dd490092928f43f2d18ef5810bce3cead44d45ef515fe64e10aba0b8d32dde613c5ec0a911159f31f65f

    • Score

      1/10

    • Target

      SETUP.EXE

    • Size

      68KB

    • MD5

      5ab23721f1bb34445823d8fcfa695864

    • SHA1

      91e49d9d5237f24b927b921eb543b5c27ad9236a

    • SHA256

      bb857288a71fb2b24d75aa364c267185f076e696a19760a2de04d325a2fe6cab

    • SHA512

      e567da73431aefcde59879702d8ec36ee28da7f2d399673b3c6a22c412b659d119f2a120bdd7a387933f3ec6a980b6277444be6cedf0e7dce8a0a9dfc0242275

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    T1067 Bootkit: 2
    T1060 Registry Run Keys / Startup Folder: 1

  • Defense Evasion

    T1112 Modify Registry: 2

  • Discovery

    T1012 Query Registry: 5
    T1120 Peripheral Device Discovery: 2
    T1082 System Information Discovery: 6

Tasks