General

  • Target: kav_setup.exe
  • Size: 13.6MB
  • Sample: 240509-c7hn2agh94
  • MD5: 4b80eaf2288aa715354cfc42e87f6a55
  • SHA1: 2b2227c1135fde2f277eec549faecc57020d6947
  • SHA256: bdf40bbc008ab151db86ace1b8c2385b8eed742031db4277c4f29ce164995294
  • SHA512: c51dd779628703e555609768cdcf36b145a67bdb9602f62917dd6162f99560e333fddcfce80f41b9865af2d0fe11242e048ea869080f71f5c8d357ed77d9b4f5
  • SSDEEP: 393216:c/XADqwibq/RIYuUniCRX1mezmAHy5+DIW4scYMMDIknl5:cGA8Ib86AG+DIW6szl5

Malware Config

Targets

    • Target: kav_setup.exe
    • Size: 13.6MB


    • Drops file in Drivers directory

    • Sets file execution options in registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Target: out.upx
    • Size: 1.0MB
    • MD5: 14d2fae1e2eae681cdabdef8552d388d
    • SHA1: cd9d5f445f11c2cbb1b49caa3f5d915a55c0dd1e
    • SHA256: 7f9e4e482e00dbeb3638e97c5d1f160a3c17f30721ad760d92ca98ab3842a30b
    • SHA512: fe4ece7e0e97c9154e97d484742fb7d490c5d441a39a577a10069620a5afdf2cb5ecfb07cb22d58dba7accd31e5ad51cba2c611e26e9d3971c896f3bfa6fb7db
    • SSDEEP: 24576:BseYh0ZEieSMB6ep8mtbEji2L60lWrchc2cccccpccccccccccocccccccccccTc:OefZElui2Lfl

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks