General
Target: sample
Size: 86KB
Sample: 240304-r86vksda3y
MD5: 53827238063ec6b61695a6ca625a3159
SHA1: 09cbd7323d23f303785d32d85bf217706205ab88
SHA256: 9ee73fddcf442cc41bf8dfdfa6e283d335242e061bf643ec0c1a35130d219003
SHA512: 8d51c1572422b3dee60c9c942a0d3461e4d64a4868fc8c6ad546ee5d2567af65c6a6d72f15799e081c62bbe855f7e45dc94d9866ed0aec3ca0f75cff07bae504
SSDEEP: 1536:Jq6uYq4NkFYGu3QlU8KQkeSVN0NtseOcwbPEVjj9:46uYqmkWQlkcwmj9
Static task: static1
Behavioral task: behavioral1
Sample: sample.js
Resource: win10v2004-20240226-en
Malware Config

Targets
Target: sample
Size: 86KB
MD5: 53827238063ec6b61695a6ca625a3159
SHA1: 09cbd7323d23f303785d32d85bf217706205ab88
SHA256: 9ee73fddcf442cc41bf8dfdfa6e283d335242e061bf643ec0c1a35130d219003
SHA512: 8d51c1572422b3dee60c9c942a0d3461e4d64a4868fc8c6ad546ee5d2567af65c6a6d72f15799e081c62bbe855f7e45dc94d9866ed0aec3ca0f75cff07bae504
SSDEEP: 1536:Jq6uYq4NkFYGu3QlU8KQkeSVN0NtseOcwbPEVjj9:46uYqmkWQlkcwmj9

- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (1)
    Winlogon Helper DLL (1)