General

  • Target

    RStudio9.exe

  • Size

    61.5MB

  • Sample

    230323-ts8qcagg68

  • MD5

    998bcc209b611ab5780c3164c7ad58b5

  • SHA1

    f89bef8ad202d66736c27dcee9e629178f870c45

  • SHA256

    8a0cdc1793aeb74707295e21663f5564a2e4df6ce71b3b73279d49a0b91a91cd

  • SHA512

    01b927ce57d480fe435e46217afc5a11abbb2a5e30688a8e00b8a577a9e92ed67b46c46606d6cce00387afba46d33a9b71a724dbc6bf3bad4ca4e92a04050b1c

  • SSDEEP

    1572864:oxQ9THj422BelztPwxS8wMvdgykE2izWP8gYQnErATP:oxMD42TzIrwMvK7HPGrYP

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Bootkit, T1067 (1)

Discovery

  • Query Registry, T1012 (4)

  • Peripheral Device Discovery, T1120 (2)

  • System Information Discovery, T1082 (4)
