Resubmissions
18-05-2024 06:29
240518-g85bmsfg9s 709-05-2024 08:53
240509-kthe4sce35 609-05-2024 08:25
240509-kbh9pabh34 808-05-2024 17:13
240508-vrwvtsha87 608-05-2024 17:13
240508-vrvmrsef5w 808-05-2024 12:49
240508-p2hs3adc7v 807-05-2024 11:17
240507-nd22csgc44 1007-05-2024 09:48
240507-lsq7asdf35 807-05-2024 09:43
240507-lp1assde35 107-05-2024 09:38
240507-lmjv2aag4z 7General
-
Target
v0f044gc0000clmruo7og65lhh8ne4g0.mp4
-
Size
4.5MB
-
Sample
240507-nd22csgc44
-
MD5
45b2647eadad13f8cf3137858fb0c3b5
-
SHA1
2d9b8f5ebc8dfb991eecadf9f85d62bfa6cb65ca
-
SHA256
ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f
-
SHA512
d40f1d85507f0cd155061c9a95627523293b09005c914fdf9a5aa117646c8e1952b6cc420721daeffa2077e3098ead309b8ffa76d45c35310798d5b167fedb8c
-
SSDEEP
98304:4ju52Pv5pTpB4WuQLTyxZO3UUpTzFXRzeXwyqjq73zBOQcMN1H4nu9KC/GTG/:ULPh5QWuQCy3dpTzFhK7qjqvN1kuWTS
Static task
static1
Behavioral task
behavioral1
Sample
v0f044gc0000clmruo7og65lhh8ne4g0.mp4
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
v0f044gc0000clmruo7og65lhh8ne4g0.mp4
Resource
win11-20240419-en
Malware Config
Targets
-
-
Target
v0f044gc0000clmruo7og65lhh8ne4g0.mp4
-
Size
4.5MB
-
MD5
45b2647eadad13f8cf3137858fb0c3b5
-
SHA1
2d9b8f5ebc8dfb991eecadf9f85d62bfa6cb65ca
-
SHA256
ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f
-
SHA512
d40f1d85507f0cd155061c9a95627523293b09005c914fdf9a5aa117646c8e1952b6cc420721daeffa2077e3098ead309b8ffa76d45c35310798d5b167fedb8c
-
SSDEEP
98304:4ju52Pv5pTpB4WuQLTyxZO3UUpTzFXRzeXwyqjq73zBOQcMN1H4nu9KC/GTG/:ULPh5QWuQCy3dpTzFhK7qjqvN1kuWTS
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Pre-OS Boot
1Bootkit
1