kaspersky4win202121.6.7.351en_33704.exe

General
Target

kaspersky4win202121.6.7.351en_33704.exe

Size

3MB

Sample

220520-qwbm8shbal

Score
8 /10
MD5

d22579c4d6f351c59ad338e69bda18ba

SHA1

7f2c6cfdbb9b536d9bced67db491c293c153b470

SHA256

448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773

SHA512

c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7

Malware Config
Targets
Target

kaspersky4win202121.6.7.351en_33704.exe

MD5

d22579c4d6f351c59ad338e69bda18ba

Filesize

3MB

Score
8/10
SHA1

7f2c6cfdbb9b536d9bced67db491c293c153b470

SHA256

448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773

SHA512

c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7

Tags

Signatures

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry
  • Checks for any installed AV software in registry

    TTPs

    Security Software Discovery
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery
  • Writes to the Master Boot Record (MBR)

    Description

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    Tags

    TTPs

    Bootkit

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1