General

  • Target

    360TS_Setup_Mini_WW.Marketator.CPI20230405_6.6.0.1054.exe

  • Size

    1.5MB

  • Sample

    240524-dy59eabc81

  • MD5

    cd4acedefa9ab5c7dccac667f91cef13

  • SHA1

    bff5ce910f75aeae37583a63828a00ae5f02c4e7

  • SHA256

    dd0e8944471f44180dd44807d817e0b8a1c931fc67d48278cdb7354d98567e7c

  • SHA512

    06fae66da503eb1b9b4fbe63a5bb98c519a43999060029c35fe289e60b1cb126a6278c67ce90f02e05b893fcaea6d54f9deb65bc6da82561487a7754f50c93d1

  • SSDEEP

    24576:3D1YS7FpyUxT3DC2C1zj1SqdAGFQZIx2C45UJoeXH:OQ5xT3DDazjYq+ZIwL5UJoe3

Score
8/10

Malware Config

Targets

    • Target

      360TS_Setup_Mini_WW.Marketator.CPI20230405_6.6.0.1054.exe (size, hashes and score as listed under General above)

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

  • Defense Evasion

    Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
    Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

Tasks