General

  • Target

    clash-of-clans-1.0.12067.123-installer_U9-aR81.exe

  • Size

    1.7MB

  • Sample

    230403-la2v3sfc6w

  • MD5

    8c5ce85a467924e907c46dee684dee58

  • SHA1

    5eeaf6c2228f808a5dc40d7b6340cedc3a002e75

  • SHA256

    66ffa7f958b2dc966dd9f2359d4254c58f798a4a5e9e549adbd8a1cfdbedc73e

  • SHA512

    529c6a7917b58fa40567ff6185bc10bb61fc6f0bbc564805e318fb5f3038fc79091103b7d25b4edc8cdbe5953be6d97d5cd7319fcf688c8a3c9668429af3170d

  • SSDEEP

    24576:D7FUDowAyrTVE3U5Fmr9PamvXdPaJPfrT90eKc4cgFLNPfs8duMpmsDck:DBuZrEU0vNwPH9RHgFLRdp/3

Malware Config

Targets

    • Target

      clash-of-clans-1.0.12067.123-installer_U9-aR81.exe

    • Size

      1.7MB

    • MD5

      8c5ce85a467924e907c46dee684dee58

    • SHA1

      5eeaf6c2228f808a5dc40d7b6340cedc3a002e75

    • SHA256

      66ffa7f958b2dc966dd9f2359d4254c58f798a4a5e9e549adbd8a1cfdbedc73e

    • SHA512

      529c6a7917b58fa40567ff6185bc10bb61fc6f0bbc564805e318fb5f3038fc79091103b7d25b4edc8cdbe5953be6d97d5cd7319fcf688c8a3c9668429af3170d

    • SSDEEP

      24576:D7FUDowAyrTVE3U5Fmr9PamvXdPaJPfrT90eKc4cgFLNPfs8duMpmsDck:DBuZrEU0vNwPH9RHgFLRdp/3

    • Downloads MZ/PE file

    • Checks computer location settings

Looks up the country code configured in the registry, most likely a geofence check used to decide whether to run on the host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
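The last signature, a write to the MBR, is the one a responder should verify on the affected host rather than take on trust. The following script is an added example, not part of the sandbox report or the sample: it parses a 512-byte MBR sector, checks the 0x55AA boot signature and the partition entries, and compares the bootstrap code against a SHA-256 baseline recorded at imaging time. The sectors it checks are constructed inline (a zero-filled stand-in for real boot code, a single NTFS partition, and a tampered copy); the `read_first_sector` helper and its device paths are an assumption about how you would feed it a live disk.

```python
"""Parse a 512-byte MBR and compare its bootstrap code against a recorded baseline.

Added example for triaging a 'Writes to the Master Boot Record' sandbox signature;
the sectors below are constructed for the demo and are not taken from the sample.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: bootstrap code (Windows keeps the disk signature at 0x1B8)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xAA"    # boot signature at offset 510


@dataclass
class Partition:
    status: int      # 0x80 bootable, 0x00 inactive; anything else is suspicious
    ptype: int       # partition type byte (0x07 = NTFS/exFAT, 0x00 = unused)
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Decode the four partition table entries (CHS fields are skipped)."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        parts.append(Partition(status, ptype, lba_start, sectors))
    return parts


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only, so partition edits do not mask a bootkit."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_digest: str) -> list[str]:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected sector size {len(mbr)}"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_digest(mbr) != baseline_digest:
        findings.append("bootstrap code differs from baseline")
    for i, p in enumerate(parse_partitions(mbr)):
        if p.status not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p.status:02x}")
        if p.ptype != 0 and p.sectors == 0:
            findings.append(f"partition {i}: type 0x{p.ptype:02x} with zero length")
    return findings


def build_sector(boot_code: bytes, partitions: list[Partition]) -> bytes:
    """Assemble a 512-byte sector from boot code, up to four entries and the signature."""
    table = b"".join(
        struct.pack("<B3xB3xII", p.status, p.ptype, p.lba_start, p.sectors) for p in partitions
    )
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN] + table.ljust(64, b"\x00") + SIGNATURE


def read_first_sector(device: str) -> bytes:
    """Read the live MBR (assumed paths: r'\\\\.\\PhysicalDrive0' on Windows, '/dev/sda' on Linux)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


# Constructed baseline: a typical x86 MBR prologue (xor ax,ax / mov ss,ax / mov sp,0x7C00),
# zero-filled thereafter, plus one bootable NTFS partition starting at LBA 2048.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
CLEAN_PARTS = [Partition(0x80, 0x07, 2048, 204800)]
CLEAN_MBR = build_sector(CLEAN_BOOT_CODE, CLEAN_PARTS)
BASELINE = boot_code_digest(CLEAN_MBR)

# Constructed "after infection" sector: boot code replaced, partition table left intact,
# which is exactly the case a partition-table-only check would miss.
TAMPERED_MBR = build_sector(b"\xEB\x3C\x90" + b"\x00" * 40 + b"BOOTKIT", CLEAN_PARTS)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE) or ["OK"])
```

Record `boot_code_digest()` of the known-good sector before deploying a host (or take it from a clean image of the same build); a mismatch after the sandbox flags an MBR write is the signal to pull the disk for forensics rather than trust an in-guest scan, since a bootkit loads before the OS and can hide the modified sector from it.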

MITRE ATT&CK Matrix ATT&CK v6

(Technique IDs are from ATT&CK v6, which this report uses; the count after each technique is the number of matched signatures. In current ATT&CK, Bootkit T1067 has been retired in favour of Pre-OS Boot: Bootkit, T1542.003, and T1222 is now named File and Directory Permissions Modification.)

  • Persistence

    Bootkit (1): T1067

  • Defense Evasion

    File Permissions Modification (1): T1222

  • Discovery

    Query Registry (2): T1012

    System Information Discovery (3): T1082

    Peripheral Device Discovery (1): T1120

Tasks