General
Target: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
Size: 29MB
Sample: 230327-jhnx3sed41
MD5: e0f5c5dacb2c49b9de937e1ac4e6aa12
SHA1: 7d4e57d53f0b855780ebeee66d7fb51c51a7ab78
SHA256: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
SHA512: bf6e9a08a1969cac5a1fe53472364a9fee321001be4b003db5e282596ccff3ad9cc50e13c313012a0804e4c66923ac53559443c4c9adc697ebd7a420e9873b97
SSDEEP: 786432:oX+PCDglQifSjUTs6LhQ/+loqcH9jnfazU/NpQDoWnSz+XBW:EurlQifgUw6LhI+JQ9jfa4/NpmhSR
Static task: static1
Behavioral task: behavioral1
  Sample: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0.exe
  Resource: win10v2004-20230220-en
Malware Config
Targets
Target: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
Size: 29MB
MD5: e0f5c5dacb2c49b9de937e1ac4e6aa12
SHA1: 7d4e57d53f0b855780ebeee66d7fb51c51a7ab78
SHA256: cdf1b2d005ad498283d73a0ddbbd5886c775799e021c6a2a99e7549dd87538c0
SHA512: bf6e9a08a1969cac5a1fe53472364a9fee321001be4b003db5e282596ccff3ad9cc50e13c313012a0804e4c66923ac53559443c4c9adc697ebd7a420e9873b97
SSDEEP: 786432:oX+PCDglQifSjUTs6LhQ/+loqcH9jnfazU/NpQDoWnSz+XBW:EurlQifgUw6LhI+JQ9jfa4/NpmhSR
Score: 7/10
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence: Bootkit (1)
Privilege Escalation