General

  • Target

    infected.rar

  • Size

    2.1MB

  • Sample

    230401-vkryascf81

  • MD5

    2b37b63a28025df9acc749d94c0bac7c

  • SHA1

    f8c8e50245c945b6ae3efe5f1b364db107f4bec9

  • SHA256

    b84af91e5c3dca954dd4ca37216e156574ad03b4d1826942ff26a0d3bc94b35b

  • SHA512

    51c29cd2c771c8fd86cdf9815e3ef00d228b95411d8f8b780a6776a556b6a26cfb0361511c80358a86b8f56010155f3a669a2e95fac53f7b1458b3915fe94759

  • SSDEEP

    49152:E0wiCM1p3mBysuZQKzwBOkYSnJMVUn0UJgQJtkH3isdC2R7xot:E0wi9r3mByslIwOjSnJaaLaE+xot
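Before the archive goes anywhere near an analysis VM, confirm that the file you obtained is the one this report describes. The Python below is an added example, not part of the report or of the sandbox's own tooling; the digests in REPORT_HASHES are copied from the General section above. It also checks the convention visible in the Targets section, where some dropped files are named by their own SHA-256. ssdeep is left out because it is a similarity hash rather than an exact-match check and needs a third-party library.

```python
import hashlib
import os
import re
from typing import Optional

# Exact-match algorithms listed in the report (ssdeep deliberately omitted).
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Expected digests copied from the General section of the report.
REPORT_HASHES = {
    "infected.rar": {
        "md5": "2b37b63a28025df9acc749d94c0bac7c",
        "sha1": "f8c8e50245c945b6ae3efe5f1b364db107f4bec9",
        "sha256": "b84af91e5c3dca954dd4ca37216e156574ad03b4d1826942ff26a0d3bc94b35b",
        "sha512": "51c29cd2c771c8fd86cdf9815e3ef00d228b95411d8f8b780a6776a556b6a26cf"
                  "b0361511c80358a86b8f56010155f3a669a2e95fac53f7b1458b3915fe94759",
    },
}


def digests_of(data: bytes) -> dict:
    """Hex digests of an in-memory blob for every algorithm in ALGORITHMS."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests_of, but streamed so large samples are not read whole."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_sample(data: bytes, expected: dict) -> list:
    """Compare computed digests with the report's values, case-insensitively.

    Returns a list of (algorithm, expected, actual) tuples, one per mismatch.
    Algorithms we do not compute (e.g. "ssdeep") are skipped, not failed."""
    actual = digests_of(data)
    mismatches = []
    for alg, want in expected.items():
        alg = alg.lower()
        if alg not in actual:
            continue
        if actual[alg] != want.lower():
            mismatches.append((alg, want.lower(), actual[alg]))
    return mismatches


# Basename that is a bare SHA-256 hex digest plus an optional extension,
# e.g. 011f3c82...348935.exe as used for dropped files in the report.
SHA256_NAME = re.compile(r"^([0-9a-f]{64})(\.[a-z0-9]+)?$")


def named_by_own_sha256(path: str, data: bytes) -> Optional[bool]:
    """True if the file is named by a SHA-256 that matches its content,
    False if the name is a SHA-256 that does not match, None if the
    name is not a hex digest at all (e.g. infected/1/Application.exe)."""
    m = SHA256_NAME.match(os.path.basename(path).lower())
    if not m:
        return None
    return hashlib.sha256(data).hexdigest() == m.group(1)


if __name__ == "__main__":
    # Usage on the real archive: verify_sample(open("infected.rar","rb").read(),
    # REPORT_HASHES["infected.rar"]) should return an empty list.
    for name, expected in REPORT_HASHES.items():
        if os.path.exists(name):
            bad = verify_sample(open(name, "rb").read(), expected)
            print(name, "OK" if not bad else "MISMATCH %r" % bad)
```

Run it from the directory holding infected.rar; any non-empty mismatch list means you are not looking at the sample the report analysed, and the behaviour scores below should not be trusted for your copy.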

Malware Config

Targets

    • Target

      infected/011f3c82c3c58b3351d20b2b363cea011e563abe0ecfc907731a977a3b348935.exe

    • Size

      1.2MB

    • MD5

      c9722836a50208bf06b62e754fd33a30

    • SHA1

      3deb8cc167015c175c6f020d4917af3b95a0dfde

    • SHA256

      011f3c82c3c58b3351d20b2b363cea011e563abe0ecfc907731a977a3b348935

    • SHA512

      c7abca27e018ec9fb8bd8f3fd1f88388d464b60c72333ec6ae3e1c3abe75ebeaafacbe72cb47a5d0c18b754c3de6e0af411fef5c0d3f6e15aab7ba9ac9c3bca2

    • SSDEEP

      24576:WEZIoREJB7t607wRck3ZNHnGnaqpeNUC6Qu/wGdG9P:WEZIoREJB7808yQZNHnGnTeuN14GdGP

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      infected/1/Application.exe

    • Size

      566KB

    • MD5

      d39006b5f48fb225c61b75414c712a58

    • SHA1

      7eb5c3dda79df5a2e958ba34e3d43c19b4bb7b4b

    • SHA256

      c936f1598721a9a92d7f31c6c13b55013b8a2a344e3df4156e5b033006336544

    • SHA512

      e91e47d6c11878a5a92cd6afb56b09a34c273784d00482ffe7bfbdf516b6e072083290cf5b27554d5614b13e6a8a9bfa5dce5cc6ce2f91bc3e5a98d326d27011

    • SSDEEP

      12288:4SL9St9NTTTQnGBxUAh8qVoxZBlgNuyfOuZzUbA5Od1Dbp6C2H:dLEt9NTnQcxVofAEIYkybp12H

    Score
    7/10
    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence: the sample decides whether to run based on the victim's configured country, so a sandbox whose locale is on its exclusion list will see an early exit rather than the full behaviour.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: their code runs before the OS boot loader, so it survives process kills, reboots and even a reinstall that leaves the disk's first sector intact.

    • Target

      infected/1/XLGameUpdate.exe

    • Size

      422KB

    • MD5

      08e6daf4f5d3480ba8d55fb284ef7b2b

    • SHA1

      6a8e5c27d9cfe0a4570f981944e27f3755638415

    • SHA256

      769d59d03036af86c7a9950f03ebc7b693a94d3e2f8ecd1d74cf5600ab948105

    • SHA512

      aaeee94ec0e4f758bdb98bb9117c5389c04bf8101cc9839eb1dfa2a6214f94175082f7fc79a358435f5ed3c30631632e3d1e587cda2f6922ed601d0189020e36

    • SSDEEP

      12288:OoAts1BDoHXcNKecznBaRR4KAQ+GLRRaKC3uqCR0gLL:OIynBaRz+GLfqCR0gLL

    Score
    3/10
    • Target

      infected/b2378f58a8ec6b52981216812351dc4d609745c9773ed583cf0525decae27b7b.msi

    • Size

      636KB

    • MD5

      67ab797bbbce968eb873f69de2263261

    • SHA1

      e0fa6901337b97bc5790b93b31a26dca950fcd30

    • SHA256

      b2378f58a8ec6b52981216812351dc4d609745c9773ed583cf0525decae27b7b

    • SHA512

      4e6c3bb26501abf1ece983979e07422019a86c7f425bf4d41e30460eb54c43492bbc0a40e53b5426f4222fe6bfb4c57eb981c04f595364060d38f2414045afcc

    • SSDEEP

      12288:UQtMRQ+gjpjegLyo8gL8On/1rw8o/hFZRllqyq6kiHsxT8dEk:BtWcpVLSgFBw8o7CaC5uE

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
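The geofence signature on infected/1/Application.exe above says only that the sample reads the configured country code from the registry. The Python below is an added example, not the sample's code and not the sandbox's detection logic. It shows the check such a sample typically performs and, run on the analysis VM through winreg_reader(), tells you what location your own sandbox reports; if that location is on the sample's list, a low score may reflect an early exit rather than benign behaviour. The two registry locations are the ones Windows itself uses for GetUserGeoID and the user locale; the exclusion list and the fallback order are assumptions made for illustration, since the report does not reveal which countries the sample keys on.

```python
from typing import Callable, Optional

# HKCU\Control Panel\International\Geo\Nation holds the user's GEOID as a
# decimal string (this is what GetUserGeoID returns); LocaleName under
# HKCU\Control Panel\International holds the BCP-47 locale, e.g. "en-US".
GEO_NATION_KEY = r"Control Panel\International\Geo\Nation"
INTL_KEY = r"Control Panel\International"

# Illustrative exclusion list (assumption, not from the report). GEOIDs from
# Microsoft's table: 203 Russia, 241 Ukraine, 29 Belarus, 137 Kazakhstan.
EXCLUDED_GEOIDS = {203, 241, 29, 137}
EXCLUDED_REGIONS = {"RU", "UA", "BY", "KZ"}

# A reader maps (subkey under HKCU, value name) -> string data, or None.
Reader = Callable[[str, str], Optional[str]]


def winreg_reader() -> Reader:
    """Reader backed by the live registry; only usable on Windows."""
    import winreg

    def read(subkey: str, value: str) -> Optional[str]:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as key:
                data, _type = winreg.QueryValueEx(key, value)
                return str(data)
        except OSError:
            return None

    return read


def snapshot_reader(values: dict) -> Reader:
    """Reader over a constructed registry snapshot {(subkey, value): data},
    so the logic can be exercised off-Windows."""
    return lambda subkey, value: values.get((subkey, value))


def configured_location(read: Reader) -> dict:
    """Collect GEOID, locale name and the locale's region subtag."""
    geoid_raw = read(GEO_NATION_KEY, "Nation")
    locale = read(INTL_KEY, "LocaleName")
    geoid = int(geoid_raw) if geoid_raw and geoid_raw.isdigit() else None
    region = locale.split("-")[-1].upper() if locale and "-" in locale else None
    return {"geoid": geoid, "locale": locale, "region": region}


def geofence_decision(read: Reader) -> str:
    """Return "abort" when the configured location is excluded, else "run".

    GEOID is consulted first; the locale's region subtag is the fallback
    when Geo\\Nation is absent. Failing open when nothing is readable is
    this example's choice, not something the report establishes."""
    loc = configured_location(read)
    if loc["geoid"] is not None:
        return "abort" if loc["geoid"] in EXCLUDED_GEOIDS else "run"
    if loc["region"] is not None:
        return "abort" if loc["region"] in EXCLUDED_REGIONS else "run"
    return "run"


if __name__ == "__main__":
    # On the sandbox VM: see what a geofenced sample would see.
    try:
        print(configured_location(winreg_reader()))
    except ImportError:
        print("winreg unavailable: not running on Windows")
```

When tuning a sandbox, the useful outcome is the reverse of the sample's: make the VM look like a location the sample wants to run in, detonate again, and compare the signature list with this report.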
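The MBR write flagged on infected/1/Application.exe is the signature that most deserves a manual follow-up, because a bootkit that survives the sandbox run will also survive a rebuild of the guest OS on the same disk. The Python below is an added example, not the report's or the sandbox's code: it parses a 512-byte MBR, hashes the 446-byte bootstrap area and diffs a known-good sector against a later read, so you can baseline a clean VM image before detonation and compare afterwards. The sample sector and the `EB FE` tampering are constructed for the test; a real bootkit replaces the bootstrap with a loader that chains to a saved copy of the original code rather than a hang loop.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 446          # bootstrap code occupies bytes 0..445
TABLE_OFFSET = 446           # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510       # trailing 0x55 0xAA
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
ENTRY_FMT = "<B3sB3sII"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw first sector into signature check, bootcode hash and
    the four partition table entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (MBR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[SIGNATURE_OFFSET:] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Compare a known-good MBR with a later read; return findings as text.
    An empty list means nothing in the sector changed."""
    before, after = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not after["signature_ok"]:
        findings.append("boot signature 55AA missing: sector wiped or unreadable")
    if before["bootcode_sha256"] != after["bootcode_sha256"]:
        findings.append("bootstrap code changed: %s.. -> %s.." % (
            before["bootcode_sha256"][:16], after["bootcode_sha256"][:16]))
    for b, a in zip(before["partitions"], after["partitions"]):
        if b != a:
            findings.append("partition entry %d changed: %r -> %r" % (b["index"], b, a))
    return findings


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw device. Windows needs Administrator
    for \\\\.\\PhysicalDrive0; on Linux use e.g. /dev/sda as root."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr(bootcode: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0") -> bytes:
    """Constructed MBR for the example: one bootable NTFS (0x07) partition
    at LBA 2048. The default bootcode is the opening of a typical Windows
    bootstrap (xor ax,ax / mov ss,ax / mov sp,7C00h / mov es,ax)."""
    code = bootcode.ljust(BOOTCODE_SIZE, b"\x00")[:BOOTCODE_SIZE]
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    # Workflow: save read_mbr() from the clean image as baseline.bin, detonate,
    # then run diff_mbr(baseline, read_mbr()) from inside the guest (or over the
    # VM's disk image) and treat any finding as a bootkit indicator.
    clean = build_sample_mbr()
    tampered = build_sample_mbr(bootcode=b"\xeb\xfe")  # jmp $ stands in for a loader
    print("\n".join(diff_mbr(clean, tampered)) or "no change")
```

Diffing the raw sector is cheap and catches both the bootstrap overwrite and a rewritten partition table; it will not see a bootkit that lives in the VBR or the unpartitioned gap before LBA 2048, so hash those regions too on a disk you suspect.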

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                        Count  ID
  Persistence      Bootkit                          1      T1067
  Defense Evasion  File Permissions Modification    1      T1222
  Discovery        System Information Discovery     7      T1082
  Discovery        Query Registry                   5      T1012
  Discovery        Peripheral Device Discovery      2      T1120

  Count is the number of matched signatures the sandbox mapped to each technique. The IDs are ATT&CK v6; in current ATT&CK, Bootkit lives under T1542.003 (Pre-OS Boot: Bootkit) and Windows permission changes under T1222.001, so translate before feeding these into a detection backlog keyed on newer versions.
