General
Target: Сайты.txt
Size: 182B
Sample: 240211-pcqsdaaa39
MD5: 5d6ce496f054d5af9c6834b3ebeae708
SHA1: d156a9141a9a9c11710ded8a32b13f902dda463f
SHA256: 845bd520da1c7436d3fce5a9609e8ac5946518249d8ed74993112ba96d0e71e1
SHA512: 69b2a2baf5b79fba5dc54901ab70024231eb0b4f883c103c3ce17e54c3ddcaccf49845635b3e419109041d7b207eecebe7da935a34d63d20bc7cbec7fd33fc21
Static task: static1
Behavioral task: behavioral1
Sample: Сайты.txt
Resource: win10-20231215-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___ONL2IG0_.txt
Family: cerber
Targets
Target: Сайты.txt
Contacts a large (1123) number of remote hosts
  This may indicate a network scan to discover remotely running services.
Modifies Windows Firewall
Drops startup file
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Drops file in System32 directory
Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Pre-OS Boot (1)
    Bootkit (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (2)
  Pre-OS Boot (1)
    Bootkit (1)