General
Target: drweb-1.0-katana.exe
Size: 46.8MB
Sample: 230403-s67jrsff78
MD5: 8acc7d1bd885d322e0906c48d66b5eac
SHA1: 8dec2d7e07fd6eee855fe3d18d24cb81514f323c
SHA256: c04f2c02e34da7bed4800b45220f5831dec511da884f738c1e3321c18ef8c516
SHA512: 32a94a49569e582b12a2a99c8030f01eae213ea11be0b6613e3d79c6f9dc3889c80d27b1fbdeb4edd4849be24c4cbda402026d5556de94090543effa34a3048c
SSDEEP: 786432:MwtCRQ9ZTbV/sjEKj3STdBoFMDhSLF9MKIxEPT9cFRHRdDHtKC0owR:MmFlV/6EgAcFMhSJGKIxwJcF1RdDNKQg
Static task: static1
Behavioral task: behavioral1
Sample: drweb-1.0-katana.exe
Resource: win10v2004-20230220-en
Malware Config
Targets
Target: drweb-1.0-katana.exe (46.8MB; hashes identical to those listed under General)
Score: 8/10

- Drops file in Drivers directory
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
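The signature names above are the sandbox's behavioural verdicts. The following is an added example, not the report's or the sandbox's own code, of how such verdicts can be derived from an ordered process trace: file drops are remembered so that later executions and module loads of those same paths become "dropped EXE/DLL" hits, registry writes are matched against the service ImagePath and Run-key locations, and a raw write covering sector 0 of a physical drive is treated as an MBR write. The trace format (a list of dicts with an `op` field), the registry keys used for the location and AV checks, the vendor list, and every file name and value in the sample trace are constructed assumptions for this example; the report does not name the actual keys or files involved.

```python
"""Map a process trace to the behavioural signature names used in the report.

Added example. The trace format is an assumption, not the sandbox's export, and
all paths, keys and values below are constructed rather than the sample's own.
"""
import re

DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"
SERVICE_IMAGEPATH = re.compile(
    r"^hklm\\system\\(currentcontrolset|controlset\d{3})\\services\\[^\\]+\\imagepath$")
RUN_KEY = re.compile(
    r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\\")
UNINSTALL_KEY = re.compile(
    r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall\\")
# Locale/country settings live here; which key the sample read is not stated in the report.
GEO_KEY = re.compile(
    r"^hk(lm|cu)\\(system\\currentcontrolset\\control\\nls\\|control panel\\international\\geo)")
# Illustrative vendor roots a dropper may probe (assumed list, not from the report).
AV_VENDOR_KEYS = (
    "hklm\\software\\avast software", "hklm\\software\\eset",
    "hklm\\software\\kasperskylab", "hklm\\software\\doctor web",
    "hklm\\software\\microsoft\\windows defender",
)
REPORT_SIGNATURES = (
    "Drops file in Drivers directory", "Sets service image path in registry",
    "Checks computer location settings", "Executes dropped EXE", "Loads dropped DLL",
    "Adds Run key to start application", "Checks for any installed AV software in registry",
    "Checks installed software on the system", "Writes to the Master Boot Record (MBR)",
)


def _norm(path):
    """Lower-case and use backslashes so matching is case- and slash-insensitive."""
    return path.lower().replace("/", "\\")


def classify(trace):
    """Return {signature_name: [matching events]} for an ordered list of trace events."""
    hits = {}
    dropped = set()  # paths the traced process created itself

    def hit(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in trace:
        op = ev["op"]
        if op == "file_create":
            path = _norm(ev["path"])
            dropped.add(path)
            if path.startswith(DRIVERS_DIR):
                hit("Drops file in Drivers directory", ev)
        elif op == "reg_set":
            key = _norm(ev["key"])
            if SERVICE_IMAGEPATH.match(key):
                hit("Sets service image path in registry", ev)
            if RUN_KEY.match(key):
                hit("Adds Run key to start application", ev)
        elif op == "reg_query":
            key = _norm(ev["key"])
            if GEO_KEY.match(key):
                hit("Checks computer location settings", ev)
            if UNINSTALL_KEY.match(key):
                hit("Checks installed software on the system", ev)
            if any(key.startswith(v) for v in AV_VENDOR_KEYS):
                hit("Checks for any installed AV software in registry", ev)
        elif op == "process_create" and _norm(ev["image"]) in dropped:
            hit("Executes dropped EXE", ev)
        elif op == "image_load" and _norm(ev["image"]) in dropped:
            hit("Loads dropped DLL", ev)
        elif op == "raw_write":
            # Sector 0 of the physical disk is the MBR; a write that covers it is the bootkit tell.
            dev = _norm(ev["device"])
            if dev.startswith("\\\\.\\physicaldrive") and ev["offset"] < 512:
                hit("Writes to the Master Boot Record (MBR)", ev)
    return hits


# Constructed trace that exercises every signature in the report (names are placeholders).
SAMPLE_TRACE = [
    {"op": "reg_query", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_query", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"op": "reg_query", "key": r"HKLM\SOFTWARE\Doctor Web\Settings"},
    {"op": "file_create", "path": r"C:\Windows\System32\drivers\example.sys"},
    {"op": "file_create", "path": r"C:\ProgramData\example\dropped.exe"},
    {"op": "file_create", "path": r"C:\ProgramData\example\dropped.dll"},
    {"op": "reg_set", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\example\ImagePath",
     "value": r"\SystemRoot\System32\drivers\example.sys"},
    {"op": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\example",
     "value": r"C:\ProgramData\example\dropped.exe"},
    {"op": "process_create", "image": r"C:\ProgramData\example\dropped.exe"},
    {"op": "image_load", "image": r"C:\ProgramData\example\dropped.dll"},
    {"op": "raw_write", "device": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
]
```

The order of events matters: a process_create or image_load only counts as "dropped" if a file_create for that path was seen earlier in the same trace, which is what distinguishes the sample's own payloads from ordinary system binaries it also launches.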
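The last signature, the MBR write, is the one that survives a reinstall of the user-land components, so it is worth being able to verify the first disk sector directly. The following is an added example, not from the report or the sandbox: it parses a 512-byte MBR (boot code, the Windows disk signature at offset 0x1B8, the four partition entries at 0x1BE, and the 0x55AA boot signature at 0x1FE) and compares it against a known-good baseline, reporting the three things a bootkit typically changes. The boot-code bytes and the partition table used as sample input are constructed stand-ins, not data from this sample.

```python
"""Baseline check for the first disk sector, where the MBR lives.

Added example, not part of the report. The boot-code bytes and partition
table below are constructed stand-ins; take a real baseline from a
known-good image of the same disk.
"""
import hashlib
import struct

SECTOR = 512
DISK_SIG_OFF = 0x1B8    # boot code occupies 0x000-0x1B7; Windows disk signature follows
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE   # 0x55 0xAA boot signature


def build_mbr(boot_code, partitions, disk_sig=0):
    """Assemble a sector from boot code and up to four (status, type, lba, count) entries."""
    if len(boot_code) > DISK_SIG_OFF:
        raise ValueError("boot code would overwrite the disk signature")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = status          # 0x80 = active/bootable
        sector[off + 4] = ptype       # partition type byte
        struct.pack_into("<II", sector, off + 8, lba, count)  # legacy CHS fields left zero
    sector[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Return boot-code hash, disk signature and the populated partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:DISK_SIG_OFF]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def diff_mbr(baseline, current):
    """List what changed between a known-good sector and the one read now."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code changed")        # the classic bootkit hook point
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")   # BCD references it; also a tamper sign
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")  # e.g. an added hidden payload partition
    return findings


# Constructed stand-ins: the opening instructions of a typical legacy MBR
# (cli; xor ax,ax; mov ss,ax; mov sp,7C00h) padded with nops, plus one NTFS partition.
GOOD_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24
PARTS = [(0x80, 0x07, 2048, 204800)]
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, PARTS, disk_sig=0x1234ABCD)
# Same table and disk signature, boot code replaced (here by a 'jmp $' stub).
HOOKED_MBR = build_mbr(b"\xeb\xfe", PARTS, disk_sig=0x1234ABCD)
# Original boot code kept, but a second (hidden) partition entry appended.
HIDDEN_MBR = build_mbr(GOOD_BOOT_CODE, PARTS + [(0x00, 0x27, 206848, 4096)], disk_sig=0x1234ABCD)
```

On a live Windows host the current sector is the first 512 bytes of `\\.\PhysicalDrive0` (administrator rights required); on Linux, the first 512 bytes of the block device. Read it from outside the suspect system where you can (an offline image or the hypervisor), because a bootkit that is already running can filter in-guest reads of sector 0 and hand back the clean copy.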