General

  • Target: infected (2).rar
  • Size: 1.2MB
  • Sample: 230401-vc2grscf4w
  • MD5: 6aa0afe7ec2fc64c47d0b26ac7dda8f9
  • SHA1: 2d33d1630daf7a9bf082363639594d87e5f391fc
  • SHA256: 47d53a6d231fb86dcb89dd2f83560654cc427d495e9ba72413c9033683c3cdf9
  • SHA512: 76625a7d15379d3bc17f20e0bd87ee2c992d34b8a403d18192ef2aedb7b1ae5225e565a61d9182b25c92c92c247afad32240f0764f8b2040c9e821b22702dc9e
  • SSDEEP: 24576:TS33JMVT3+no0acdNugVSj8UTXLd1p6ob+bN2ty0ktLbw4JCJan87:TSnJMVuno5JgQlT7P0/bMty0kZCMS

Malware Config

Targets

    • Target: infected (2)/1/Application.exe
    • Size: 566KB
    • MD5: d39006b5f48fb225c61b75414c712a58
    • SHA1: 7eb5c3dda79df5a2e958ba34e3d43c19b4bb7b4b
    • SHA256: c936f1598721a9a92d7f31c6c13b55013b8a2a344e3df4156e5b033006336544
    • SHA512: e91e47d6c11878a5a92cd6afb56b09a34c273784d00482ffe7bfbdf516b6e072083290cf5b27554d5614b13e6a8a9bfa5dce5cc6ce2f91bc3e5a98d326d27011
    • SSDEEP: 12288:4SL9St9NTTTQnGBxUAh8qVoxZBlgNuyfOuZzUbA5Od1Dbp6C2H:dLEt9NTnQcxVofAEIYkybp12H

    Score: 7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: infected (2)/1/XLGameUpdate.exe
    • Size: 422KB
    • MD5: 08e6daf4f5d3480ba8d55fb284ef7b2b
    • SHA1: 6a8e5c27d9cfe0a4570f981944e27f3755638415
    • SHA256: 769d59d03036af86c7a9950f03ebc7b693a94d3e2f8ecd1d74cf5600ab948105
    • SHA512: aaeee94ec0e4f758bdb98bb9117c5389c04bf8101cc9839eb1dfa2a6214f94175082f7fc79a358435f5ed3c30631632e3d1e587cda2f6922ed601d0189020e36
    • SSDEEP: 12288:OoAts1BDoHXcNKecznBaRR4KAQ+GLRRaKC3uqCR0gLL:OIynBaRz+GLfqCR0gLL

    Score: 1/10

    • Target: infected (2)/2/Console.exe
    • Size: 1.0MB
    • MD5: 3aaf501f5a33c7b5457cdc9d876175e4
    • SHA1: 984dd31cde0808a038ab7dda7c725589d9b93ccf
    • SHA256: f57a2410ce496f17befaf980e3d38156f6f3641b2daa546ac42fc5181c2cce89
    • SHA512: f8ad9a8d86aab7b0c3f3008f5ee2530bf5515fd1128882394add2ca66cbab073694fd5cae8ebc3927af493a103f523fdcde6672ff07bfa02f391d07e4e9c44c0
    • SSDEEP: 24576:hjXTI+uEu0on2l+syXOCHAvJNMVqT5HjTEtkD9UQwZqF2nbJ:GZn2l+syXOCHAvXvTdEtaXw4F2nbJ

    Score: 8/10

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Bootkit: T1067 (1)
  • Modify Existing Service: T1031 (1)

Discovery

  • Query Registry: T1012 (1)
  • System Information Discovery: T1082 (2)
