6e0363086f1410505a3660911f94bb249ebb950910de9dbd5bcb3136df7b6480

Sharing

Copy URL

Twitter E-mail

General

Target

6e0363086f1410505a3660911f94bb249ebb950910de9dbd5bcb3136df7b6480
Size

1.5MB
Sample

221106-kspg2acfa3
MD5

fa37024fbcf79a7a10c008c435493364
SHA1

f4df68074168ac63c64cae89c4bafdb106684044
SHA256

6e0363086f1410505a3660911f94bb249ebb950910de9dbd5bcb3136df7b6480
SHA512

ebf82ebabe423ad6e351008b7bd4df5a9c5f8c04d1b5a069929b1e529df7fadc176909e66785205bc99bbbf233b5e5827a3572ad5ec65c0bbe220c88c80e0735
SSDEEP

24576:MpmKf6ORbNBmUngGU/Y/G1TezLQ6pV25cy+0axuLQkMYZM20w90IpC:ubNBiG06Gad4ey+NfkMD1BIw

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  Victoria 5.37 Portable/Help/English/dcomemo.rtf
- Size
  
  1KB
- MD5
  
  b37c2599a7e0ee739136ec4342616fcd
- SHA1
  
  31ee8064a1b29732a0233362e094c7439182a467
- SHA256
  
  dddceee9ccbbcacfad9f4c9e04608dde42e43158985d6bebe761e2c1957d0908
- SHA512
  
  2910e2ecacbf81674507eff539299384ecc881a7209bc8f0aab8faf50350bc4bf83ca741a75a868c78dd7f90da79f8a29bad46225d0fdc26d9c097c43f11054d
Score

4^/10
behavioral1 behavioral2
- Target
  
  Victoria 5.37 Portable/Help/English/vichlp.rtf
- Size
  
  144KB
- MD5
  
  43fed3d6537208c280faec0ff8242692
- SHA1
  
  c479f33945019328d863f1d532abd98e82282e96
- SHA256
  
  fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933
- SHA512
  
  c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1
- SSDEEP
  
  768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0
Score

4^/10
behavioral3 behavioral4
- Target
  
  Victoria 5.37 Portable/Help/English/whatsnew.rtf
- Size
  
  240KB
- MD5
  
  9f5fc0015ace5bcb72d208c8cc53663a
- SHA1
  
  f07ee8c118cf835963507a04e083da6bfce22658
- SHA256
  
  119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06
- SHA512
  
  13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de
- SSDEEP
  
  768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH
Score

4^/10
behavioral5 behavioral6
- Target
  
  Victoria 5.37 Portable/Help/Ukraine/dcomemo.rtf
- Size
  
  3KB
- MD5
  
  1464993b633f1f6b0eeab7469076a369
- SHA1
  
  9bddefe8c22482bc220d93f05a62ef3a138429a3
- SHA256
  
  1afe0c42931656985a5955514d49a250ee07fd2a9de67fcdd45c9f492a11abd7
- SHA512
  
  6e86850cc6c8ce32b85bef6f79d03106dc369c5ec217bc4db05d3731d43ba67129452feaaf5ea4d38cb0ccfedf5f39b13d926a71830449880fb7f0299a109dda
Score

4^/10
behavioral7 behavioral8
- Target
  
  Victoria 5.37 Portable/Help/Ukraine/vichlp.rtf
- Size
  
  144KB
- MD5
  
  43fed3d6537208c280faec0ff8242692
- SHA1
  
  c479f33945019328d863f1d532abd98e82282e96
- SHA256
  
  fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933
- SHA512
  
  c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1
- SSDEEP
  
  768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0
Score

4^/10
behavioral10 behavioral9
- Target
  
  Victoria 5.37 Portable/Help/Ukraine/whatsnew.rtf
- Size
  
  240KB
- MD5
  
  9f5fc0015ace5bcb72d208c8cc53663a
- SHA1
  
  f07ee8c118cf835963507a04e083da6bfce22658
- SHA256
  
  119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06
- SHA512
  
  13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de
- SSDEEP
  
  768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH
Score

4^/10
behavioral11 behavioral12
- Target
  
  Victoria 5.37 Portable/Help/Русский/dcomemo.rtf
- Size
  
  5KB
- MD5
  
  190fe7511f89148f6a9a928a40e446b4
- SHA1
  
  914686dffc21d193d7023f1f637f88420cb48c6a
- SHA256
  
  412c444c4964149afc99a8dbf9ad7da975a81bf605c264770536438349901ad6
- SHA512
  
  ec5079bf91bbc72e6937566962583c1784e9f0b7b6ce2abe9b418f23fcb7da901cbb7fed131d6db3f394d199fabb00cfb9cefedba816fe45dd810fe42701d2e0
- SSDEEP
  
  96:5+DfMwJKmgUn+lZSmkODOMgtZXAjlMhTigMRJWBGUJ5zIiUGtm7c5lHLNaUthdTC:kDfM0KVU+SQgfXAjmhcxMzjtm7c5lHLW
Score

4^/10
behavioral13 behavioral14
- Target
  
  Victoria 5.37 Portable/Help/Русский/vichlp.rtf
- Size
  
  144KB
- MD5
  
  43fed3d6537208c280faec0ff8242692
- SHA1
  
  c479f33945019328d863f1d532abd98e82282e96
- SHA256
  
  fbdae514e6f648554c58d7b6c3d1f154791dfaac94223b88f7881471020e7933
- SHA512
  
  c305fad223c8532bd1e087a3f144d15533bb36692a90d760226e3efc0e6c02f5559b9f1aa9ced26ff2c9f674a602f834daf4c3ca7c615377a1c2cc9eca2af4f1
- SSDEEP
  
  768:3W8Cm4tbDMMtOY3GPzPMEm/OoUW1M5AbDeme63K3mmGE91DcJYjyq6yGPXeP+/I4:W5Fm2uuByxCIlZRx0
Score

4^/10
behavioral15 behavioral16
- Target
  
  Victoria 5.37 Portable/Help/Русский/whatsnew.rtf
- Size
  
  240KB
- MD5
  
  9f5fc0015ace5bcb72d208c8cc53663a
- SHA1
  
  f07ee8c118cf835963507a04e083da6bfce22658
- SHA256
  
  119300ad57fe8b92c7e6cfbd0621b39d9c65833bea92d075b4f22bfc295b7f06
- SHA512
  
  13121a6f53b7ed306aef686ef765ae16f6d34104402c7bb33f6c4a7080bd0234b1447b8d0afff85b3c60f59f6fbf020b498da39b762ba04bef56e51d1fbff3de
- SSDEEP
  
  768:GGuuSeFet3aC1Zbufh2GHq9mSpHCpqOmao6k2QIkK/pI6vJAClZxCkIfbRithvQt:ueq/6khuXNuzn+yyxqib1bYWpxS7BH
Score

4^/10
behavioral17 behavioral18
- Target
  
  Victoria 5.37 Portable/USB_SupportList.rtf
- Size
  
  10KB
- MD5
  
  f566493c6cb084ef1360d58cf36d441d
- SHA1
  
  3f9948445663723eb707fd45144fea4e13ab1434
- SHA256
  
  43f3560e21418001b6aa5f319e6431d8310692899437727fe099fe580b1afeff
- SHA512
  
  2c1dca1a527d69013088062e3dbd3333ad62e1e367bdccdb6f036f8fac5b784398e19023b1b9aed68ea6c6779a65004658cc5588ab9a61c75d2bf0035e6d431c
- SSDEEP
  
  192:zVQ6UTi4ygQbjVfNYepa3t+qyDmN8qMGxwD9KwS8kXcFmDfpylp0ETmlojyHcPeL:6e4y16eG+q29ZS8sTp6xT2YLEmkOD2
Score

4^/10
behavioral19 behavioral20
- Target
  
  Victoria 5.37 Portable/Victoria.exe
- Size
  
  3.1MB
- MD5
  
  613a1546bc8f67a554d2ae2b3a0873a6
- SHA1
  
  acd2f871df9048e40032a6b082b5545537c313d9
- SHA256
  
  fba0b7d5c042f0a13fd5b875f6f13989038ca188d6de6f505ed52bc85ac0de48
- SHA512
  
  802855c9ca71b6502cf7529136e3bf67f3829e1283b67ca36e4f7e863e55c499ef8379384b13053399ab162ae7a601a906503db7a5b3bd09860d1213915dca31
- SSDEEP
  
  49152:SxKLuTiHzQ6oSipy03foa6TvNn4WhFbUToml/2QWP1e3n2wkJOs5Kg5GTV8MWGo:SxK6THDS+WhSH4vP5g8MWG
Score

6^/10

bootkit persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral21 behavioral22
- Target
  
  Victoria 5.37 Portable/porttalk.sys
- Size
  
  3KB
- MD5
  
  7d5a2d755b6c6579f63657b527d6ff1b
- SHA1
  
  fd7d864b96bafa21a76128bfb02dcccb57eddad6
- SHA256
  
  a2b44785fa6be4a2a723b06b906f6c48dead63acc0f787cf9a0890eed47f9d0c
- SHA512
  
  78908dc49b8463167b5b72be4e9ba436d583e4e97bcfc4a3505997cb99495146a6749ca7c2b680be840abf554744b18b87fa09abcb87d4e26104920ac230c9d8
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Enumerates connected drives

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24