General

  • Target

    cs16_snow_leopard.exe

  • Size

    376.8MB

  • Sample

    240223-rngpysah96

  • MD5

    15bc08a53230c2097b1fc23af3410fc4

  • SHA1

    b5b567b30a70e650ed843aaaf161d0a59a2b9cfa

  • SHA256

    15b5cad187f1ad49c2d556e27eb035cf5ac47c82972542aba889a79f62057505

  • SHA512

    a58397b31bcbaa1f438ff91b293554a23daf8db450286f6468043eb57a8aea3c9726eafb1c913d13792a2441239902c69a6397d9e5488f5c554e23f89e57ba68

  • SSDEEP

    6291456:Z6o1KCk0/CiMxXLL29bxarZ8LVl6T81DEt+XeVL8/JoFUGjV7BcqD4gjVTH7JZ:Z6wKKs1LC9bArZ8LVl6w1DEUQenGjV7B

Malware Config

Targets

    • Target

      cs16_snow_leopard.exe

    • Size

      376.8MB

    • MD5

      15bc08a53230c2097b1fc23af3410fc4

    • SHA1

      b5b567b30a70e650ed843aaaf161d0a59a2b9cfa

    • SHA256

      15b5cad187f1ad49c2d556e27eb035cf5ac47c82972542aba889a79f62057505

    • SHA512

      a58397b31bcbaa1f438ff91b293554a23daf8db450286f6468043eb57a8aea3c9726eafb1c913d13792a2441239902c69a6397d9e5488f5c554e23f89e57ba68

    • SSDEEP

      6291456:Z6o1KCk0/CiMxXLL29bxarZ8LVl6T81DEt+XeVL8/JoFUGjV7BcqD4gjVTH7JZ:Z6wKKs1LC9bArZ8LVl6w1DEUQenGjV7B

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks