General
- Target: EOSTATE_Exposure_Client-x64-Setup.exe
- Size: 408.0MB
- Sample: 240513-sb9qmsca98
- MD5: 69d005fc36c4f68edc113da0eb8099d9
- SHA1: bcf3da5d461b0aa07e4f3fe2c1911c0d8af5fb58
- SHA256: 38a53fcf837bef903a5fe590312a8c1f0f7988864c7b7576752569f6a62a4d88
- SHA512: 05ee3f68265c8461e93e5a996bb3b91ef612a054eb1730b4955ec13b6a096d785d5d7b296c52d766419a57d279b2ce69e5709a4271687f16af06e64885044c33
- SSDEEP: 12582912:F0H9cqAhsKOz/uvqDDNxvqdN0PHXQvnDd5fV9641Q70Uhd:09FALOzAq3idN0PgbzNc41Q7Vhd
Static task
- static1

Malware Config

Targets
- Target: EOSTATE_Exposure_Client-x64-Setup.exe
- Size: 408.0MB (hashes for this target are identical to those listed under General above)
- Modifies firewall policy service
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets file execution options in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15 (number of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
- Windows Service (1)
- Pre-OS Boot (1)
- Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
- Windows Service (1)
Defense Evasion
- Modify Registry (4)
- Pre-OS Boot (1)
- Bootkit (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
- Virtualization/Sandbox Evasion (1)