Description
Looks up country code configured in the registry, likely geofence.
kaspersky4win202121.6.7.351en_33704.exe
General
Target
Size
Sample
kaspersky4win202121.6.7.351en_33704.exe
3MB
220520-qwbm8shbal
Score
8 /10
MD5
SHA1
SHA256
SHA512
d22579c4d6f351c59ad338e69bda18ba
7f2c6cfdbb9b536d9bced67db491c293c153b470
448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773
c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7
Malware Config
Targets
Target
MD5
Filesize
kaspersky4win202121.6.7.351en_33704.exe
d22579c4d6f351c59ad338e69bda18ba
3MB
Score
8/10
SHA1
SHA256
SHA512
7f2c6cfdbb9b536d9bced67db491c293c153b470
448a4c6974bdd870938875f1123295230cbeff6540dbb4f2c4836778e2118773
c5b34d6efef8278cc71d39f5730c412a0d9b07c9d2790eaada6b5a37022aabd460362fb531680e2ec8383693fe5ee7b669138e9d25043fde92b2c6e5ea17b1f7
Tags
Signatures
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
-
Loads dropped DLL
-
Adds Run key to start application
Tags
TTPs
-
Checks for any installed AV software in registry
TTPs
-
Checks installed software on the system
Description
Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags
TTPs
-
Checks whether UAC is enabled
Tags
TTPs
-
Enumerates connected drives
Description
Attempts to read the root path of hard drives other than the default C: drive.
TTPs
-
Writes to the Master Boot Record (MBR)
Description
Bootkits write to the MBR to gain persistence at a level below the operating system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks