
02/03/2024, 17:12

Sample 240302-vrcrysfc6z (score 7/10)

General

  • Target

    HDD Regenerator 2011.exe

  • Size

    6.5MB

  • Sample

    240302-vrcrysfc6z

  • MD5

    c2a112ee6b86cb98b0bfbd6ae2f8fd06

  • SHA1

    b396891d09416fc58930193dc594ed774d8f17f7

  • SHA256

    08d95e46cac1a5e1ecd1db39127a01f6351016bc24d11e2c3d6fddd7e0b78183

  • SHA512

    638ea573d48aeacccb80ed8cb00475ad336a6b522235418ddb2e3637458119dc2c0d3420e11c410f6c74cbc22a7d721f4f68333da405e0884f8a0a0b1b340ede

  • SSDEEP

    98304:IEyiP7N0bjKAyu4vjMplwU+Xzrism4CHhp+DqfE+40XmjV4XqTz1ThtjqFGqW+UW:I4BGmAyXixJpdosBXuSXS1TGFojjM/lj

Score
7/10

Malware Config

Targets

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
