General
-
Target
ac31615d4d5a3f6c6d9c6d0a33f8000d
-
Size
1.0MB
-
Sample
240228-snvggsef6t
-
MD5
ac31615d4d5a3f6c6d9c6d0a33f8000d
-
SHA1
38ad90fa82e226b331d7701f9b8cad2631ecd9bd
-
SHA256
b034d411d2e7b1dab43be884e64495b3f35990f56da7749da0138dc68db9b700
-
SHA512
00ec2d7f5359952c2f3a9e5abb06c013b222a819be5605db73fa36215ef88a3d7f6c51a8fca7aa589f6edcf0a938e66b5b342c8482f5e1353f1164de9a3de51a
-
SSDEEP
24576:HbMjX6cnKzQu01vLsUDF8KWtmJ0y91IhAEgDnD:7L6i0uUDFDW+FfI2EuD
Static task
static1
Behavioral task
behavioral1
Sample
ac31615d4d5a3f6c6d9c6d0a33f8000d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ac31615d4d5a3f6c6d9c6d0a33f8000d.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
Target
ac31615d4d5a3f6c6d9c6d0a33f8000d
Size
1.0MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score
7/10
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
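The "Writes to the MBR" signature above is the one a responder most wants to verify on a host or disk image, since a Run-key entry is easy to enumerate but an overwritten boot sector is not. The following checker is an added example written for this page; it is not part of the report or of the sample's own code. It parses a raw 512-byte MBR, validates the 0x55AA boot signature, sanity-checks the partition table, and compares a SHA-256 of the 440-byte boot-code region against a baseline recorded on a known-good system. The two sample sectors, the partition layout and the baseline are constructed in the block for illustration.

```python
"""Inspect a raw 512-byte MBR sector for signs of bootkit tampering.

Added example, not code from the sandbox report or the analysed sample.
Input is the first sector of a disk (constructed in-line below).
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # bytes 0..439 hold the boot loader code
DISK_SIG_OFFSET = 440         # 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
PART_ENTRY = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sectors


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition-table slots, skipping empty (type 0) ones."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, mbr[off:off + 16])
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only: the partition table and disk
    signature legitimately differ between machines, the loader should not."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: Optional[str] = None) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected sector length {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    for a in parts:
        for b in parts:
            if (a.index < b.index
                    and a.lba_start < b.lba_start + b.sectors
                    and b.lba_start < a.lba_start + a.sectors):
                findings.append(f"partitions {a.index} and {b.index} overlap")
    if baseline_hash is not None and boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (possible bootkit)")
    return findings


def build_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a synthetic MBR sector (constructed test data, not a real disk)."""
    sector = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_SIZE]
    sector[:len(code)] = code
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\x12\x34\x56\x78"
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off:off + 16] = struct.pack(
            PART_ENTRY, 0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: a "clean" loader stub, and the same disk after its
# boot code was overwritten. The partition table and signature are left
# intact, as a bootkit would, so only the boot-code hash reveals the change.
PARTITIONS = [(True, 0x07, 2048, 204800)]                       # one bootable NTFS partition
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435, PARTITIONS)
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\xcc" * 438, PARTITIONS)
BASELINE = boot_code_hash(CLEAN_MBR)   # record this on a known-good system

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, BASELINE) or "OK")
```

To run it against a real system, read the first 512 bytes of the physical disk (on Windows, open `\\.\PhysicalDrive0` from an elevated prompt; on Linux, `dd if=/dev/sda bs=512 count=1`) and pass them to `check_mbr` together with a baseline hash taken from the same machine before infection or from a clean image of the same loader. Only the boot-code region is hashed on purpose: partition tables and the disk signature vary per machine and would otherwise cause false positives.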
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 1 signature: Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Pre-OS Boot (T1542), 1 signature: Bootkit (T1542.003), 1 signature
Privilege Escalation
- Boot or Logon Autostart Execution (T1547), 1 signature: Registry Run Keys / Startup Folder (T1547.001), 1 signature