General

Target: b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0
Size: 4.8MB
Sample: 240520-sp4rjsfh8v
MD5: 35d215e36f7b7b09f1a60e1b45fab112
SHA1: 5d4a9ed9994f512b8bd5e308ceff5aec60ba6bcd
SHA256: b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0
SHA512: 2596e6f3b104a83d810e4a3332f5d6d43cc58d92ba80c877b0fc82aa094813bb23eff6527b59517c99499045d08ff9f4a0c70046f81fc8c7e1d8fe034fee252a
SSDEEP: 98304:OX3oVSsYFZ2xtp/BZXxkIpPG1f5e8M/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AB:IF2lBZBkIOhe8M/Cw/khc5FbKEV6PVRa
Static task: static1

Behavioral task: behavioral1
Sample: b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0.exe
Resource: win10v2004-20240426-en
Malware Config: none extracted

Targets

Target: b5d35117240f2342dec45eee36d06bb7bc5b434c8c98085d83f11be2ac0ed5b0
Size: 4.8MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP are the same as in the General section above; this is the same file.)
Score: 8/10

Signatures:

- Modifies Installed Components in the registry
  Writes under the Active Setup key (typically HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components), whose StubPath commands run once per user at logon; a user-level persistence mechanism.
- Checks computer location settings
  Looks up the country code (GeoID) configured in the registry, normally HKCU\Control Panel\International\Geo\Nation; likely a geofence. Caveat when re-detonating: if the sandbox VM's home location is outside the sample's target region, the run may stop early and look benign.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system. Direct writes to \\.\PhysicalDrive0 are rare in legitimate software outside disk utilities and installers, so this is the signature to confirm first, on sector 0 of the VM disk image rather than from the sandbox log alone.
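The MBR-write signature above is a sandbox heuristic; confirming it means looking at sector 0 of the VM's disk image. The following Python is an added example for this report (not the sandbox's code and not the sample's own): it parses a 512-byte MBR, checks the 0x55AA boot signature and the partition table, and compares a SHA-256 of the boot-code region (bytes 0-439) against a baseline taken from a clean image. Every byte in it is constructed for the example; the baseline hash, disk signature and partition layout are assumed values, and the "infected" stub is a placeholder, not the sample's boot code.

```python
"""Parse an MBR and flag boot-code changes against a known-good baseline.

Added example, not part of the sandbox report or the analysed sample.
Layout: bytes 0-439 boot code, 440-443 disk signature, 446-509 four
16-byte partition entries, 510-511 the 0x55AA signature.
All sample bytes below are constructed for the example."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440
DISKSIG_OFF = 440
PTABLE_OFF = 446
BOOTSIG_OFF = 510


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[BOOTSIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, num_sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:  # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISKSIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> dict:
    """Parse the MBR and flag whether its boot code differs from the clean baseline.

    A bootkit normally leaves the partition table intact (the OS still has to
    boot) and only replaces the boot code, so the comparison is on that region
    rather than on the whole sector, where the disk signature may legitimately differ."""
    info = parse_mbr(sector)
    info["bootcode_modified"] = info["bootcode_sha256"] != baseline_bootcode_sha256
    return info


def build_mbr(bootcode: bytes, disk_signature: int, partitions) -> bytes:
    """Assemble a 512-byte MBR (LBA fields only; CHS fields left zero).

    partitions: iterable of (bootable, type, lba_start, num_sectors)."""
    buf = bytearray(SECTOR)
    code = bootcode[:BOOTCODE_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, DISKSIG_OFF, disk_signature)
    for i, (bootable, ptype, lba_start, num_sectors) in enumerate(list(partitions)[:4]):
        off = PTABLE_OFF + 16 * i
        buf[off] = 0x80 if bootable else 0x00
        buf[off + 4] = ptype
        struct.pack_into("<II", buf, off + 8, lba_start, num_sectors)
    buf[BOOTSIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


# Constructed clean MBR: a short loader stub padded with NOPs and one bootable
# NTFS (0x07) partition at LBA 2048. Assumed values; real Windows boot code differs.
CLEAN_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8".ljust(BOOTCODE_LEN, b"\x90")
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, 0x1234ABCD, [(True, 0x07, 2048, 204800)])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootcode_sha256"]

# Constructed "infected" MBR: same partition table and disk signature, but the
# start of the boot code replaced by a placeholder stub, as a bootkit would do.
INFECTED_BOOTCODE = (b"\xeb\x3c\x90" + b"BOOTKIT-STUB").ljust(BOOTCODE_LEN, b"\x90")
INFECTED_MBR = build_mbr(INFECTED_BOOTCODE, 0x1234ABCD, [(True, 0x07, 2048, 204800)])


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        result = check_mbr(mbr, BASELINE_SHA256)
        print(name, "MODIFIED" if result["bootcode_modified"] else "ok", result["partitions"])
```

To use this on a real run, take sector 0 before and after detonation: from a raw disk image, `dd if=disk.img bs=512 count=1`; inside the VM, opening `\\.\PhysicalDrive0` for reading (administrator required) and reading 512 bytes gives the same sector. The baseline is the pre-detonation hash. On UEFI/GPT guests the protective MBR's boot code is never executed, so a changed hash there is still a strong indicator of a write but does not by itself prove a working bootkit.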
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

(The number after each technique is the count of matching signatures in this run.)