General
Target: ClaimD_UkP(33)
Size: 82KB
Sample: 230406-h5a43adh5x
MD5: 1b538fb655d1ea772726b28a85ec7d15
SHA1: cfd966ba2f7c7ef654465c013686da1c7de6afe9
SHA256: 23a5d13793ab459b6af65b981172dedc3ad6e2c745aa5eb79c3f1e948ee89037
SHA512: e2baca3ae7eb094fbda9c65c04d40ede9dfcdf6e29de7fdfc691dfc46d5c54baaa9d2da709cac7757ff7b9910838afdcd836f983e5fefc24cd98305bceb23532
SSDEEP: 1536:8AzaBoRHY+8SqpqbKyOxc+IWsEltqlqheN:8AzaBoFYnFp0KA+IWs2tqlvN
Static task: static1
Behavioral task: behavioral1
Sample: ClaimD_UkP(33).js
Resource: win10-20230220-en
Malware Config (extracted)
Download URLs recovered from the sample, one .dat payload per host:
http://139.180.172.203/oUL2TJbgdevk.dat
http://154.7.253.203/iD6lQK.dat
http://198.44.140.75/ObaPI.dat
http://137.74.39.237/fkxoEdG.dat
http://87.236.146.53/PsEwwF0hC.dat
http://103.214.71.131/rehbF3vo.dat
Targets
Target: ClaimD_UkP(33)
Size: 82KB
MD5: 1b538fb655d1ea772726b28a85ec7d15
SHA1: cfd966ba2f7c7ef654465c013686da1c7de6afe9
SHA256: 23a5d13793ab459b6af65b981172dedc3ad6e2c745aa5eb79c3f1e948ee89037
SHA512: e2baca3ae7eb094fbda9c65c04d40ede9dfcdf6e29de7fdfc691dfc46d5c54baaa9d2da709cac7757ff7b9910838afdcd836f983e5fefc24cd98305bceb23532
SSDEEP: 1536:8AzaBoRHY+8SqpqbKyOxc+IWsEltqlqheN:8AzaBoFYnFp0KA+IWs2tqlvN
Score: 10/10
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file: a file fetched over the network starts with the MZ header of a Windows executable.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system. An MBR write means the dropped executables are not the full scope of the infection; the first sector of the disk needs to be inspected, or the host re-imaged.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, a common anti-analysis technique.
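The signatures above are the sandbox's own verdicts; to reproduce them from telemetry you need the equivalent detection logic. The following is an added example, not part of this report or of the sandbox, that runs each listed signature over a constructed stream of endpoint events and cross-references network connections with the hosts in the extracted config. The event schema (`type`, `image`, `path`, `dst_ip`, `key`, `device`, `offset`, `api`, `info_class`), the script-host blocklist and the sample events are all assumptions made for illustration; only the URLs come from the report.

```python
"""Apply the report's behavioural signatures to a constructed event stream.
Added example; the event schema and blocklist are assumptions, not the sandbox's."""
import re
from urllib.parse import urlsplit

# Download URLs exactly as listed in the report's Malware Config section.
EXTRACTED_URLS = [
    "http://139.180.172.203/oUL2TJbgdevk.dat",
    "http://154.7.253.203/iD6lQK.dat",
    "http://198.44.140.75/ObaPI.dat",
    "http://137.74.39.237/fkxoEdG.dat",
    "http://87.236.146.53/PsEwwF0hC.dat",
    "http://103.214.71.131/rehbF3vo.dat",
]
# Assumed blocklist: script hosts that should never talk to the network on their own.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger


def config_iocs(urls):
    """Split the extracted URLs into hosts (to block) and paths (to hunt for in proxy logs)."""
    hosts = {urlsplit(u).hostname for u in urls}
    paths = {urlsplit(u).path for u in urls}
    return hosts, paths


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def run_signatures(events, urls=EXTRACTED_URLS):
    """Return {signature name: [event indexes that fired it]} for an ordered event list."""
    c2_hosts, _ = config_iocs(urls)
    dropped = set()  # paths written so far; later execute/load events are tied back to them
    hits = {}

    def hit(name, i):
        hits.setdefault(name, []).append(i)

    for i, ev in enumerate(events):
        kind, img = ev["type"], _basename(ev.get("image", ""))
        if kind == "file_write":
            dropped.add(ev["path"].lower())
            if ev.get("header", b"")[:2] == b"MZ" and img in SCRIPT_HOSTS:
                hit("Downloads MZ/PE file", i)
            if _basename(ev["path"]) == "desktop.ini":
                hit("Drops desktop.ini file(s)", i)
        elif kind == "network_connect":
            if img in SCRIPT_HOSTS:
                hit("Blocklisted process makes network request", i)
            if ev.get("dst_ip") in c2_hosts:
                hit("Contacts host from extracted config", i)
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hit("Executes dropped EXE", i)
        elif kind == "image_load" and ev["loaded"].lower() in dropped:
            hit("Loads dropped DLL", i)
        elif kind == "registry_query" and "\\currentversion\\uninstall" in ev["key"].lower():
            hit("Checks installed software on the system", i)
        elif kind == "file_open" and re.fullmatch(r"[a-bd-z]:\\?", ev["path"].lower()):
            hit("Enumerates connected drives", i)  # root of a non-C: drive
        elif (kind == "disk_write" and ev["offset"] < 512
              and re.fullmatch(r"\\\\\.\\physicaldrive\d+", ev["device"].lower())):
            hit("Writes to the Master Boot Record (MBR)", i)  # first sector of a raw disk
        elif (kind == "api_call" and ev["api"] == "NtSetInformationThread"
              and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger", i)
    return hits


# Constructed events (hypothetical), in the order the report's signatures suggest.
TMP = r"C:\Users\victim\AppData\Local\Temp"
WSCRIPT = r"C:\Windows\System32\wscript.exe"
PAYLOAD = TMP + r"\payload.exe"
SAMPLE_EVENTS = [
    {"type": "network_connect", "image": WSCRIPT, "dst_ip": "139.180.172.203", "dst_port": 80},
    {"type": "file_write", "image": WSCRIPT, "path": PAYLOAD, "header": b"MZ\x90\x00"},
    {"type": "file_write", "image": WSCRIPT, "path": TMP + r"\helper.dll", "header": b"MZ\x90\x00"},
    {"type": "process_create", "image": PAYLOAD, "parent_image": WSCRIPT},
    {"type": "image_load", "image": PAYLOAD, "loaded": TMP + r"\helper.dll"},
    {"type": "registry_query", "image": PAYLOAD,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_open", "image": PAYLOAD, "path": "D:\\"},
    {"type": "file_write", "image": PAYLOAD, "path": r"C:\Users\victim\Desktop\desktop.ini",
     "header": b"[.Sh"},
    {"type": "disk_write", "image": PAYLOAD, "device": r"\\.\PhysicalDrive0", "offset": 0,
     "length": 512},
    {"type": "api_call", "image": PAYLOAD, "api": "NtSetInformationThread",
     "info_class": THREAD_HIDE_FROM_DEBUGGER},
    {"type": "image_load", "image": PAYLOAD, "loaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name, idx in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

The stateful `dropped` set is what makes "Executes dropped EXE" and "Loads dropped DLL" meaningful: a process start or DLL load is only interesting here because the file was written earlier in the same trace. The last event (a load of kernel32.dll) is benign and must not fire, which is the false-positive check to keep when porting this logic to a real telemetry source.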