General

  • Target

    e934e53a7615cb313bdfbf94155b24a582fa3168f76fe8d8e72b28d0f5c72443

  • Size

    685KB

  • Sample

    221003-at5wasaedk

  • MD5

    6bc22124e0f122ce31034a66595603dc

  • SHA1

    bd7cd3802a911d67912caea53499effcd77fb123

  • SHA256

    e934e53a7615cb313bdfbf94155b24a582fa3168f76fe8d8e72b28d0f5c72443

  • SHA512

    5edc7653bf86108b518f16cd91c4a9382215ec9569639508f8a0e7a04ef980bdb1db826e9a93d9a6d5a74a9e6f2de60f553db743b6c38ee2f1906e057ccc99e8

  • SSDEEP

    12288:eVKGHV5LOxYOhyUEd/AiMR2ZZXDDOMtxVUBquS5A6JodBwzvOHhyJOWYwd5W:oK6gYl/dU2zXDhLeB0odBnByTW

Malware Config

Targets

    • Target

      e934e53a7615cb313bdfbf94155b24a582fa3168f76fe8d8e72b28d0f5c72443

    • Size

      685KB

    • MD5

      6bc22124e0f122ce31034a66595603dc

    • SHA1

      bd7cd3802a911d67912caea53499effcd77fb123

    • SHA256

      e934e53a7615cb313bdfbf94155b24a582fa3168f76fe8d8e72b28d0f5c72443

    • SHA512

      5edc7653bf86108b518f16cd91c4a9382215ec9569639508f8a0e7a04ef980bdb1db826e9a93d9a6d5a74a9e6f2de60f553db743b6c38ee2f1906e057ccc99e8

    • SSDEEP

      12288:eVKGHV5LOxYOhyUEd/AiMR2ZZXDDOMtxVUBquS5A6JodBwzvOHhyJOWYwd5W:oK6gYl/dU2zXDhLeB0odBnByTW

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Tasks