1289a19bb2c274c60a5f3af06b1fb9070b4bd04d9d6159891f5e9a577c5b26e9 | Triage

Sharing

General

Target

cpu-z_2.05-en.zip
Size

3.3MB
Sample

230603-py3ztshb8s
MD5

52ba95e419924559037071f2964e4d3d
SHA1

4b79a144407f0e64010c37537e1b2331b3ec0877
SHA256

1289a19bb2c274c60a5f3af06b1fb9070b4bd04d9d6159891f5e9a577c5b26e9
SHA512

54e0c59a09edfeb6f06b1737d6072d95255c5f59ca890778dee496db9f47abd3e1a00d5c0a148c488299a2abe2cc5de2739ae4d43adf846e28a6ba181fde15b3
SSDEEP

98304:At4wjQ7eVe3qfj9Ty44WjkSUYtGuJEIzypv:AvjQ79G9d4kkSUEGRI2pv

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  cpu-z_2.05-en.zip
- Size
  
  3.3MB
- MD5
  
  52ba95e419924559037071f2964e4d3d
- SHA1
  
  4b79a144407f0e64010c37537e1b2331b3ec0877
- SHA256
  
  1289a19bb2c274c60a5f3af06b1fb9070b4bd04d9d6159891f5e9a577c5b26e9
- SHA512
  
  54e0c59a09edfeb6f06b1737d6072d95255c5f59ca890778dee496db9f47abd3e1a00d5c0a148c488299a2abe2cc5de2739ae4d43adf846e28a6ba181fde15b3
- SSDEEP
  
  98304:At4wjQ7eVe3qfj9Ty44WjkSUYtGuJEIzypv:AvjQ79G9d4kkSUEGRI2pv
Score

1^/10
behavioral1 behavioral2
- Target
  
  cpuz.ini
- Size
  
  610B
- MD5
  
  5b6e84eac34992afa57366ab3a358bc2
- SHA1
  
  fa48d750f09610d06c387038587d4d616e490a50
- SHA256
  
  732223231ee0d8c125cc363fe149763473fc1e60e723766be73cd7c67e89344f
- SHA512
  
  9675ca496f705d50021a01f828cd18f8d2f2c847a325c4cd3ea5a03908ddce9434a8176e3285378ae2bdbd4aa584766b80cff6c336c7d0031ee160c1e0d50021
Score

1^/10
behavioral3 behavioral4
- Target
  
  cpuz_readme.txt
- Size
  
  34KB
- MD5
  
  2eb35ea69faf3cd6afa084a45856670d
- SHA1
  
  7e23a655d4fc36d867ecc06b47f39d812d07f62f
- SHA256
  
  cac42f52c6b95c3a5fe011a080d645e0ade909a4a77966f9b98046f2c7592401
- SHA512
  
  f13c4422e63d29dbe9e1fbd19858c256a6172df247ddd555caca310bada8a4a90d5f8ed8240307f397a2fc8bc1634567cbf63828a9864c4085abee9d2d1819c7
- SSDEEP
  
  384:+l0b8z1EfKNckGde6POdDP3d8yw9VU3ctu22t+YuZTZLGWtLuHtFY1i:+di3WwAYgthu1ZLBRuHDY1i
Score

1^/10
behavioral5 behavioral6
- Target
  
  cpuz_x32.exe
- Size
  
  3.9MB
- MD5
  
  828a2ee9a1be2ae712643dcf39ac6fef
- SHA1
  
  76a6c1d074547561c050b7826f96e81711f93daf
- SHA256
  
  4d27dcb7c5315f2fa8ea96c1b85e92abb80aa3809b0ed11a81bb82e77de1f93f
- SHA512
  
  c11faeeee903145a888cd092f73b8309847377c32c6f9658d81aabf45053a3072df4fd7eecbf4fc82c9399eeab44eb2e27eb92caf9573f910a0004fd30d7bd61
- SSDEEP
  
  49152:F3nmtcT4d+k/u87Um3fuu0HnqTZbpItLc8aOm7s+Tg1Q:F3nqUW+P8fuu0W427hTge
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  cpuz_x64.exe
- Size
  
  4.4MB
- MD5
  
  d72cbc48531c7c5a92d4b9166622f170
- SHA1
  
  6d8b3087d0604662bae003337760120618e4be20
- SHA256
  
  52c0d33bc392b9a47aae67b6e8eba25b00f5e821c656dfebabdae989447d0053
- SHA512
  
  08ac096425834cc98befcd2de45d5a6e0d6b54c693c136be81f87a446ef910e1527be73bfddfd009b9e9f9aee05e50c9c4fd099ef4319bf0c7d3fb378eada886
- SSDEEP
  
  49152:77rQeIE2Lk10U6DlVOF5ThdpItLc8aOm7s+Tg14:77RSISw427hTge
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

bootkitpersistence

behavioral8

bootkitpersistence

behavioral9

bootkitpersistence

behavioral10

bootkitpersistence