General

  • Target

    d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3

  • Size

    214KB

  • Sample

    221127-s5c9jahd34

  • MD5

    91b66e0a738ffa31cbb53dabbfe5303b

  • SHA1

    f560be5e317ddcd2566951d7e85345b55f78d1e0

  • SHA256

    d4ffc32fe759a62fdf80f39ba417ac50d6868b88f78896dc3a4914a8e9bebef3

  • SHA512

    57583cfa65c7d74f2189ec540d7ef370b58a238a8e9159319d3d26ea770a5b539691b5a4607ad9ff0329309c40e5c98d68648bf2dfb5362c8a770f401ec4c46d

  • SSDEEP

    3072:2gXdZt9P6D3XJjcgTBKcuOV/JOZFZ5KuWzsCi3ZhkP+YT6erSvy4rUhwRnwKCZBR:2e34VvKcugJkFZUuWzA3MWYT+vy4hq7

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks