General
- Target: 03cc044116011a0d8f883a8bc2ed5f3a2bc5f69453adba3bdf60b8e77ac0619a
- Size: 404KB
- Sample: 240419-h231nsce6x
- MD5: 3ee0e7a1b4559ba16d83cf64f2d91a6e
- SHA1: 49a65a66917c0923d76bea5d24de7b0723434e7c
- SHA256: 03cc044116011a0d8f883a8bc2ed5f3a2bc5f69453adba3bdf60b8e77ac0619a
- SHA512: 25994d5c7569ba06d938a901a8677258eaea4b136f4c0b7032b40ba9103ef724fc532849ca58c4712e553736f8173e98fc12dd1d2ed4221c9065f810f750adb2
- SSDEEP: 6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4N:gtRfJcNYFNm8UhlZGseN
Static task: static1
Behavioral task: behavioral1
- Sample: 03cc044116011a0d8f883a8bc2ed5f3a2bc5f69453adba3bdf60b8e77ac0619a.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 03cc044116011a0d8f883a8bc2ed5f3a2bc5f69453adba3bdf60b8e77ac0619a.exe
- Resource: win10v2004-20240412-en
Malware Config
Targets
- Target: 03cc044116011a0d8f883a8bc2ed5f3a2bc5f69453adba3bdf60b8e77ac0619a
Score: 8/10
- Blocklisted process makes network request
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)