General
-
Target
1580970442738.jpg
-
Size
76KB
-
Sample
230327-mcdfyafa3w
-
MD5
b314d3c6e34780e3326fe5253f4522b2
-
SHA1
dd2bd989d38c135af9afe96d3cd2cac264640b35
-
SHA256
92f2211ef8bebf0b08f243ea6581259318c60964a780b2842233578bf11f1c32
-
SHA512
05398d65533e8421977715c1d33f36d9aee93c85f9268b0e9ebf2e7e1bf516f253065701fcc018937d7ff62a1a02f0f777e3188adc7e24ab54a2cfe97aa002b0
-
SSDEEP
1536:j78swFHi7c7xjQj7jiUbNTR3LSbiM0jr9Ihn77gxYZ9PxyN3kNtobDOZljfT:BoKcOj3kbIxaQWrAUAqjr
Malware Config
Targets
-
-
Target
1580970442738.jpg
-
Size
76KB
-
MD5
b314d3c6e34780e3326fe5253f4522b2
-
SHA1
dd2bd989d38c135af9afe96d3cd2cac264640b35
-
SHA256
92f2211ef8bebf0b08f243ea6581259318c60964a780b2842233578bf11f1c32
-
SHA512
05398d65533e8421977715c1d33f36d9aee93c85f9268b0e9ebf2e7e1bf516f253065701fcc018937d7ff62a1a02f0f777e3188adc7e24ab54a2cfe97aa002b0
-
SSDEEP
1536:j78swFHi7c7xjQj7jiUbNTR3LSbiM0jr9Ihn77gxYZ9PxyN3kNtobDOZljfT:BoKcOj3kbIxaQWrAUAqjr
Score8/10-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Discovery
Query Registry
5System Information Discovery
5Peripheral Device Discovery
2Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation