General

  • Target

    coore32.exec

  • Size

    188KB

  • Sample

    240507-qpj12ahe2s

  • MD5

    1e9cfde60489a299dbd413d137e393d5

  • SHA1

    f35ee5650ca19945453cd12b0ac0da279c2e715b

  • SHA256

    783788fec5516d3d456fca8c2ea722ba5db1a84111b4fb482a41c54abe0a8a6f

  • SHA512

    271c16ceb0d8531c44a1004e57f64708094fab224ff544bccd2b8fa5ba2ae6ebf0e0764c6dcb4348050d6352e4ad26e6f431848df24696054130bc8fb0ece010

  • SSDEEP

    3072:FxHFi7EUAzkueu3Ra4tr+vf2oZ5g+ptKIAAbw2z20JgEtwP7sN5RKsTQBxoY7Pv/:F1FioUAzOr4R+H2oZ5g2wIAwxz20JgEX

Malware Config

Targets

    • Target

      coore32.exec

    • Size

      188KB

    • MD5

      1e9cfde60489a299dbd413d137e393d5

    • SHA1

      f35ee5650ca19945453cd12b0ac0da279c2e715b

    • SHA256

      783788fec5516d3d456fca8c2ea722ba5db1a84111b4fb482a41c54abe0a8a6f

    • SHA512

      271c16ceb0d8531c44a1004e57f64708094fab224ff544bccd2b8fa5ba2ae6ebf0e0764c6dcb4348050d6352e4ad26e6f431848df24696054130bc8fb0ece010

    • SSDEEP

      3072:FxHFi7EUAzkueu3Ra4tr+vf2oZ5g+ptKIAAbw2z20JgEtwP7sN5RKsTQBxoY7Pv/:F1FioUAzOr4R+H2oZ5g2wIAwxz20JgEX

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks