General

  • Target

    ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a

  • Size

    593KB

  • Sample

    221020-ygbcxsbhek

  • MD5

    a01ff27c6d183a9b58e6c7394db22250

  • SHA1

    78a563c62fbf2d2b065c82ba741ddc9465f83760

  • SHA256

    ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a

  • SHA512

    f0541e5d656298f703c1a3cc3bee5e745eb127123ddb7280e3b64936c1803c4d311d0d1592705359871319e5364bb318871b47e3b2bc00a2187cc0fc72a84359

  • SSDEEP

    12288:VuBSP/amCdBJSpc/aaT9/gur79Yq63kfydqAKTE1qH:sA6dBwy/aI/gK79YH0FAgxH
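
Before trusting a sandbox verdict, confirm that the file on your disk is the sample the report describes, and check the packing claim yourself. The script below is an added example, not part of the original report or of the sandbox's own tooling: it recomputes the four digests listed above and compares them with the reported values, then parses the PE section table to look for the UPX0/UPX1 names that stock UPX writes (the "UPX packed file" signature further down in the report). The `build_fake_pe` helper and the bytes it produces are constructed for offline use; they are not a real binary.

```python
import hashlib
import struct
import sys

# Digests reported on this page for the sample (General / Targets sections).
REPORTED = {
    "md5": "a01ff27c6d183a9b58e6c7394db22250",
    "sha1": "78a563c62fbf2d2b065c82ba741ddc9465f83760",
    "sha256": "ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a",
    "sha512": "f0541e5d656298f703c1a3cc3bee5e745eb127123ddb7280e3b64936c1803c4d"
              "311d0d1592705359871319e5364bb318871b47e3b2bc00a2187cc0fc72a84359",
}


def compute_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hash_mismatches(data: bytes, reported: dict = REPORTED) -> list:
    """Names of the algorithms whose digest of `data` differs from the report."""
    actual = compute_hashes(data)
    return [name for name, digest in reported.items() if actual[name] != digest.lower()]


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table and
    return the section names. Returns [] for anything that is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader at +16
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]   # 40-byte IMAGE_SECTION_HEADER
        if len(raw) < 8:
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (and UPX2 for resources).
    A modified UPX build may rename them, so False is not proof of 'unpacked'."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed, non-executable PE skeleton: just enough headers for the parser.
    SizeOfOptionalHeader is 0, so the section table follows the COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-sample>
    blob = open(sys.argv[1], "rb").read()
    bad = hash_mismatches(blob)
    print("hashes match report" if not bad else f"MISMATCH on {', '.join(bad)}")
    print("sections:", pe_section_names(blob))
    print("UPX section names present:", looks_upx_packed(blob))
```

The section-name check is deliberately the cheap one: it catches stock UPX, which `upx -d` will usually unpack cleanly, but the report's signature also covers modified UPX, whose authors routinely rename the sections and patch the header so that `upx -d` refuses the file. If the hashes match but no UPX section is found, treat the packing question as open rather than answered.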

Malware Config

Targets

    • Target

      ac658726e7d186f5732d1496d473cee9a4119675da4a4f95dce943350459da0a

    • Modifies visibility of hidden/system files in Explorer

      Alters the Explorer advanced settings that control whether hidden and system files are displayed, typically so that dropped files stay out of sight.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      Registry Run-key persistence: the value is executed at every logon of the affected user (HKCU) or of all users (HKLM).

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; outside debuggers it is mostly seen when redirecting a suspended process to injected code (process hollowing and similar injection techniques).
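
The "Writes to the Master Boot Record" signature is the one that changes the incident-response plan: a bootkit survives reinstalling the operating system, so the first sector of the disk has to be checked and, if modified, rewritten. The script below is an added example, not part of the original report: it parses a 512-byte MBR (bootstrap code, disk signature, partition table, 0x55AA boot signature) and diffs a live sector against a known-good baseline, reporting whether the bootstrap code or the partition table changed. The `build_sector` helper and the sectors it produces are constructed for offline use; the bootstrap bytes in them are filler, not real boot code.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_LEN = 440      # bootstrap code runs up to the 4-byte disk signature at 0x1B8
DISK_SIG_OFF = 0x1B8
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # must hold 0x55 0xAA
PART_FMT = "<BBBBBBBBII"  # status, CHS start(3), type, CHS end(3), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Decode the fields of a classic MBR. Raises on a wrong-sized buffer."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "valid_signature": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "bootstrap_sha256": hashlib.sha256(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def mbr_changed(baseline: bytes, current: bytes) -> dict:
    """Compare the first sector of a golden image against the live disk.
    A bootkit normally replaces the bootstrap code and leaves the partition
    table intact, so the two are reported separately."""
    a, b = parse_mbr(baseline), parse_mbr(current)
    return {
        "bootstrap_modified": a["bootstrap_sha256"] != b["bootstrap_sha256"],
        "partition_table_modified": a["partitions"] != b["partitions"],
        "signature_valid": b["valid_signature"],
    }


def build_sector(bootstrap: bytes, partitions=()) -> bytes:
    """Constructed MBR for testing. `partitions` is a list of
    (bootable, type, lba_start, sector_count) tuples, at most four."""
    sec = bytearray(SECTOR_SIZE)
    sec[:BOOTSTRAP_LEN] = bootstrap[:BOOTSTRAP_LEN].ljust(BOOTSTRAP_LEN, b"\0")
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sec, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0, 0, 0, 0, ptype, 0, 0, 0, lba, count)
    sec[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sec)


if __name__ == "__main__":
    # Constructed pair: same partition table, bootstrap code replaced.
    clean = build_sector(b"\xEB\x3C\x90" + b"\x90" * 32, [(True, 0x07, 2048, 1000000)])
    infected = build_sector(b"\xEB\x3C\x90" + b"\xCC" * 32, [(True, 0x07, 2048, 1000000)])
    print(mbr_changed(clean, infected))
```

On a live Windows host the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as administrator; on a Linux forensic workstation `dd if=/dev/sdX bs=512 count=1` against the mounted evidence disk gives the same bytes. The baseline is the first sector of the deployment image or of an uninfected sibling machine with the same disk layout; the disk signature differs per machine, which is why the comparison ignores it. GPT disks keep a protective MBR whose bootstrap area is still a valid target, so run the check there too.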

MITRE ATT&CK Enterprise v6

Tasks