General

  • Target

    b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f

  • Size

    32KB

  • Sample

    220725-b252pshfdq

  • MD5

    56ccbdaa85437657712c855c86d918ee

  • SHA1

    d6c2f3b4c6e91646e14069ace6709ef26bd7cd94

  • SHA256

    b699758c2e191f32a8a9d9c7b7bc1e66b8fd0644f6181ddb3339639edc38d56f

  • SHA512

    1b73e000452e4f13df27d65c66b25d6a474644bce2c533f08245c04ca5152d51285730e14b423d07ef7aa17ae2aa9be8be5aeab77df0876c4471c57e49e1fc2a

Malware Config

Targets

    • suricata: ET MALWARE Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length)

    • Executes dropped EXE

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (1) T1060

    Bootkit (1) T1067

  • Defense Evasion

    Modify Registry (1) T1112

Tasks