General

  • Target

    56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422

  • Size

    266KB

  • Sample

    220725-b6p62shham

  • MD5

    685a2cb5212c9a5b9208fb41fbc98ac7

  • SHA1

    f6d3c90573427a3e68f744f8e0ebada395525e25

  • SHA256

    56c468b1e011978cc513c74e8191cd4279fe7b744c97b5c0f381caef43c30422

  • SHA512

    33f8da6eb65810fe24611afef0f0e575e41e430645283bc59c69be0cd07ac3fafa3823ae468be0a98c40423e1baf851b2882f5c017bb879f30319b1bbdb6bf45

Malware Config

Targets

    • suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Bootkit (T1067): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2
