General

  • Target

    CUMMINS INSITE 8.7 Pro.rar

  • Size

    5.1MB

  • Sample

    240425-kgk1gahb6v

  • MD5

    68b3de20095dda98167dc2cfe1368986

  • SHA1

    8ec341145b3feafc6bdf42e33ad15729099d0e41

  • SHA256

    c2b9998b798219e8966f25a04411b3910ca1b2901ac8e5e1fde29950264cc6e0

  • SHA512

    49231e5138bb4a543956d33956294638f57f3be540516eff61640a3e0781f0673df14a32b779543fa971fddbc634027d9d861738f7631fd71d1c54c4de7f257d

  • SSDEEP

    98304:++WUgrcH4z0nZPdCJRwmyx3xQ0S4V7T9c2RCQXfgIyF23xwpVF0/XbEEdgZDiPRa:++Gr+ZlC4mGvV7b5x3gg/bEKR+1Nelc

Malware Config

Targets

    • Target

      CUMMINS INSITE 8.7 Pro.rar

    • Size

      5.1MB

    • MD5

      68b3de20095dda98167dc2cfe1368986

    • SHA1

      8ec341145b3feafc6bdf42e33ad15729099d0e41

    • SHA256

      c2b9998b798219e8966f25a04411b3910ca1b2901ac8e5e1fde29950264cc6e0

    • SHA512

      49231e5138bb4a543956d33956294638f57f3be540516eff61640a3e0781f0673df14a32b779543fa971fddbc634027d9d861738f7631fd71d1c54c4de7f257d

    • SSDEEP

      98304:++WUgrcH4z0nZPdCJRwmyx3xQ0S4V7T9c2RCQXfgIyF23xwpVF0/XbEEdgZDiPRa:++Gr+ZlC4mGvV7b5x3gg/bEKR+1Nelc

    • Score

      3/10

    • Target

      CUMMINS INSITE 8.7 Pro/INSITE 8.7 Pro.exe

    • Size

      5.1MB

    • MD5

      a90c789176cf3aa4fbeb1541758e7001

    • SHA1

      89746901191b074d7b36ef7c17c01017a7ad9f66

    • SHA256

      f5986e91f714b4f3736ee40a0e197203552034ec956b797b779decfce8e20d5b

    • SHA512

      eb86d922e9d96825a3c9aaf003ff2a70ab7534b5276417ae6d0bfbb2322b4f2126e849aed6671d88c31561095d03e912c593c61acad4e03a3880ba3d6b3b844c

    • SSDEEP

      98304:HKVf4M+N3gKCai9IiNFeMBAyKdpuYQmmGLQeAjMMtmr6EnQgyxcdxU:qVYiai/FeLpSmmiemr6hxedx

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox stamps its OEM ID into the guest's ACPI tables, which Windows exposes under HKLM\HARDWARE\ACPI\DSDT, \FADT and \RSDT as a VBOX__ subkey; reading those keys is a cheap hypervisor check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. Its presence is revealed by the HKCU\Software\Wine and HKLM\Software\Wine keys, which do not exist on a real Windows install.

    • Checks whether UAC is enabled

      Read from the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops a debugger from receiving events for that thread; it is a common anti-debugging technique and has no legitimate use in ordinary application code.
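The signature list above is produced by matching registry, file and native-API events from the sandbox trace against rules, then tagging each fired rule with ATT&CK techniques. The following added example is not Triage's signature engine or any code from the report; the event format, the constructed EVENTS trace and the signature-to-technique mapping are assumptions (the mapping is chosen so that the rollup reproduces the counts shown in this report's matrix). The registry paths and the ThreadHideFromDebugger information class are the real artifacts each check uses.

```python
"""Map sandbox events to the behavioural signatures in the report and roll
them up into an ATT&CK tactic/technique matrix.

Added example, not Triage's own signature engine.  Assumptions: the event
dict format and the EVENTS list are constructed here; the signature -> ATT&CK
mapping is chosen so the rollup reproduces the counts in the report's matrix.
The registry paths and the thread information class are the real ones the
named checks use."""
import re
from collections import Counter, defaultdict

# Constructed sandbox trace: registry, file and native-API events.
EVENTS = [
    {"type": "registry", "op": "query", "path": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"},
    {"type": "registry", "op": "query", "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
     "value": "SystemManufacturer"},
    {"type": "registry", "op": "query", "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
     "value": "SystemProductName"},
    {"type": "registry", "op": "open", "path": r"HKCU\Software\Wine"},
    {"type": "registry", "op": "query",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
     "value": "EnableLUA"},
    {"type": "file", "op": "write", "path": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"type": "api", "name": "NtSetInformationThread", "info_class": 0x11},
    # Benign noise that should match nothing.
    {"type": "registry", "op": "query", "path": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
     "value": "ProductName"},
]

# VirtualBox writes its OEM ID into the ACPI tables; Windows exposes them under these keys.
VBOX_ACPI = re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_KEY = r"hklm\hardware\description\system\bios"
WINE_KEY = re.compile(r"^(HKCU|HKLM)\\Software\\Wine(\\|$)", re.I)
UAC_KEY = r"hklm\software\microsoft\windows\currentversion\policies\system"
MBR_DEVICE = re.compile(r"PhysicalDrive0$|Harddisk0\\DR0$", re.I)
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def _is_reg(ev):
    return ev["type"] == "registry"


# (signature name as shown in the report, predicate over one event)
RULES = [
    ("Identifies VirtualBox via ACPI registry values",
     lambda ev: _is_reg(ev) and VBOX_ACPI.match(ev["path"]) is not None),
    ("Checks BIOS information in registry",
     lambda ev: _is_reg(ev) and ev["path"].lower() == BIOS_KEY),
    ("Identifies Wine through registry keys",
     lambda ev: _is_reg(ev) and WINE_KEY.match(ev["path"]) is not None),
    ("Checks whether UAC is enabled",
     lambda ev: _is_reg(ev) and ev["path"].lower() == UAC_KEY
     and ev.get("value", "").lower() == "enablelua"),
    # The MBR is the first 512-byte sector of the boot disk.
    ("Writes to the Master Boot Record (MBR)",
     lambda ev: ev["type"] == "file" and ev.get("op") == "write"
     and MBR_DEVICE.search(ev["path"]) is not None and ev.get("offset", 0) < 512),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     lambda ev: ev["type"] == "api" and ev.get("name") == "NtSetInformationThread"
     and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER),
]

# Assumed signature -> technique tagging; UAC and HideFromDebugger carry no tag in the report.
SIGNATURE_TECHNIQUES = {
    "Identifies VirtualBox via ACPI registry values": ("T1497", "T1082", "T1012"),
    "Checks BIOS information in registry": ("T1082", "T1012"),
    "Identifies Wine through registry keys": ("T1497", "T1082", "T1012"),
    "Writes to the Master Boot Record (MBR)": ("T1542.003",),
}
TECHNIQUE_TACTICS = {
    "T1497": ("Defense Evasion", "Discovery"),
    "T1542": ("Persistence", "Defense Evasion"),
    "T1542.003": ("Persistence", "Defense Evasion"),
    "T1082": ("Discovery",),
    "T1012": ("Discovery",),
}


def fired_signatures(events):
    """Return {signature: [matching events]} for every rule that fired, in report order."""
    fired = {}
    for name, pred in RULES:
        hits = [ev for ev in events if pred(ev)]
        if hits:
            fired[name] = hits
    return fired


def attack_matrix(fired):
    """Roll fired signatures up to {tactic: {technique: signature count}}.
    Counts are per signature, not per event (two BIOS reads count once), and a
    sub-technique also counts toward its parent (T1542.003 -> T1542)."""
    matrix = defaultdict(Counter)
    for sig in fired:
        ids = set()
        for tid in SIGNATURE_TECHNIQUES.get(sig, ()):
            ids.add(tid)
            if "." in tid:
                ids.add(tid.split(".")[0])
        for tid in ids:
            for tactic in TECHNIQUE_TACTICS[tid]:
                matrix[tactic][tid] += 1
    return {tactic: dict(counts) for tactic, counts in matrix.items()}


if __name__ == "__main__":
    fired = fired_signatures(EVENTS)
    for name, hits in fired.items():
        print(f"{name}: {len(hits)} event(s)")
    for tactic, counts in attack_matrix(fired).items():
        print(tactic, counts)
```

Run as-is, the constructed trace fires all six signatures and the rollup yields the same per-tactic counts as the matrix on this page; the two BIOS value reads collapse into a single signature hit, which is why Discovery shows 3 for T1082 and T1012 rather than a raw event count. Note that the VirtualBox, BIOS and Wine checks are also routine in commercial software protectors, so on their own they are weak evidence; the MBR write and the thread-hiding call are the findings worth following up in the full trace.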

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic           Technique                        Count  ID
Persistence      Pre-OS Boot                      1      T1542
Persistence      Bootkit                          1      T1542.003
Defense Evasion  Virtualization/Sandbox Evasion   2      T1497
Defense Evasion  Pre-OS Boot                      1      T1542
Defense Evasion  Bootkit                          1      T1542.003
Discovery        System Information Discovery     3      T1082
Discovery        Query Registry                   3      T1012
Discovery        Virtualization/Sandbox Evasion   2      T1497
