General
-
Target
合同款水单-4.rar
-
Size
18.8MB
-
Sample
240516-pcm2gsbg9v
-
MD5
2ccf21f9ecebcec10fe8368b501e3b6e
-
SHA1
0192e5a77f45ad1abec1e52ae106c58551fe88a4
-
SHA256
b6c73faaefc71349088d1da9e78c152f0f3bd91cc084ed60b076a4e3d17ad1bf
-
SHA512
694c9eda792c1719057e3a53ae21a49020455207c9b68bffecb4a98372f5246a663f5ab19f37683e38414999ff862cc12a2a55e968573b380c363b5210b11648
-
SSDEEP
393216:3Z5nUS1MYctmaYD8evdslSN+tC4CxS6029aMAG9At69fcIXNd2:b1Mg4qqmAR60297AGitifcIXNd2
Malware Config
Targets
-
-
Target
合同款水单-4/合同款水单-4/FF42A1BE7828464/42446D2BAB.exe
-
Size
2.7MB
-
MD5
ea34ae082d044cce9f9ce6aed691f1ed
-
SHA1
0e1fd5acd174306c98363dcc82d5580a46bd607b
-
SHA256
15c8ec50e3abdf262181f4352156fb77a642fe9555a939643996299f69e0c111
-
SHA512
a0eafefd289f2edb7b1237fcf3914741596bbc318ef3e80f142d7b6d4a5e5876e1f527add60ddaf51fdab2ef1f3e6aec67dd346f9987b23a8621f378228eb2f3
-
SSDEEP
49152:HYFGy3zKnaJRMzt9uLNj3sZRWhr7jc8wihr4:4HGaJ69uLNAZgkbihM
Score6/10-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
-
-
Target
合同款水单-4/合同款水单-4/合同款水单-4.exe
-
Size
14.7MB
-
MD5
5bfeb1f890e37e6cd3b35ecef8c190ff
-
SHA1
48781575a220779336b44633d89fc376fe62ac99
-
SHA256
72ed22c7a96b0b58e20145960e154b0fe232918c7b5551d187847331c6ec0196
-
SHA512
00cf560ac4ddc26cd72059a1e6c7baf8cc010d1c322d8a0011bcb359be0fa0a92559f7c294cdd39846011cbcfe9068eed16c27317f1277c0989be39e2d9fa079
-
SSDEEP
196608:4dlDUU3uzfhvVKkkG3AnweEea/1wp8AmDcOiSDF+psqBpIp7+w:slDUc+fhvVKbG3Ze+e8XDvUp5pWv
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1