General

  • Target: sample

  • Size: 86KB

  • Sample: 240304-r86vksda3y

  • MD5: 53827238063ec6b61695a6ca625a3159

  • SHA1: 09cbd7323d23f303785d32d85bf217706205ab88

  • SHA256: 9ee73fddcf442cc41bf8dfdfa6e283d335242e061bf643ec0c1a35130d219003

  • SHA512: 8d51c1572422b3dee60c9c942a0d3461e4d64a4868fc8c6ad546ee5d2567af65c6a6d72f15799e081c62bbe855f7e45dc94d9866ed0aec3ca0f75cff07bae504

  • SSDEEP: 1536:Jq6uYq4NkFYGu3QlU8KQkeSVN0NtseOcwbPEVjj9:46uYqmkWQlkcwmj9

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks