9afc1339d73fdebc98795cb32f498081a415b20fb10b7b76c491d2fb38133839

General
Target

9afc1339d73fdebc98795cb32f498081a415b20fb10b7b76c491d2fb38133839

Size

1MB

Sample

220520-jjqhasbehj

Score

8/10
MD5

a8d64976f43e58181bf6e137081946cc

SHA1

0c4cb5259ca542b73adbde8f97f7b602a226635f

SHA256

9afc1339d73fdebc98795cb32f498081a415b20fb10b7b76c491d2fb38133839

SHA512

db0c99ed5507081761195029e821172b25e4a79e72479400b6ab7d13b84c253920a79930d794132bc8732d7813b208e3fa03aa88c5eafc2d2c3b675516009b04

Malware Config

Targets

Target

9afc1339d73fdebc98795cb32f498081a415b20fb10b7b76c491d2fb38133839 (same sample as under General; hashes, size and score as listed there)

Signatures

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Checks computer location settings

    Description: Looks up country code configured in the registry, likely geofence.

    TTPs: Query Registry; System Information Discovery

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Description: Bootkits write to the MBR to gain persistence at a level below the operating system.

    TTPs: Bootkit

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral1: 8/10
  • behavioral2: 8/10