General

  • Target

    9a88944d1acbde7f0abc4a1c031638f427cb5034f460b29fae4ec903aadd3e14

  • Size

    8.7MB

  • Sample

    240526-edagnsee79

  • MD5

    3459d3c2a22d719b8483707883d525bf

  • SHA1

    63300337da41d50e73a059f49159134705f27d3f

  • SHA256

    9a88944d1acbde7f0abc4a1c031638f427cb5034f460b29fae4ec903aadd3e14

  • SHA512

    65e3429d815a09c4189a582d7f87e1223f99eb45de38be05af6854776f3c04f62ca609db6b0a2076b3c507dbf95176972a62cc3fe429385f2836a524010be4a8

  • SSDEEP

    196608:w+/Q2x3ahQsRdhmUkQd2BCoK1PoneL+rlaG:Z/r+QqIQdwCtRonl

Malware Config

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer/protector.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
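The "Writes to the Master Boot Record (MBR)" signature above is the one a responder should verify on the affected disk rather than take on trust. The script below is an added example and is not code from this report or from the analysed sample: it parses a 512-byte MBR (446 bytes of boot code, four 16-byte partition entries, the 55 AA boot signature) and diffs it against a known-good baseline, flagging changed boot code, changed partition entries and a missing signature. The "clean" and "tampered" sectors are constructed inline so the script runs offline; the device paths in the comments are the usual raw-disk paths and assume you run with administrator/root rights.

```python
"""Parse a 512-byte MBR sector and diff it against a known-good baseline.

Constructed example for the bootkit signature above; not code from the sandbox
report or the analysed sample. Sample sectors are built inline.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446        # bytes 0..445: bootstrap code (plus disk signature on modern MBRs)
PART_TABLE_OFFSET = 446     # four 16-byte partition entries follow the boot code
PART_ENTRY_SIZE = 16
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS first, type, CHS last, LBA start, sector count
BOOT_SIG_OFFSET = 510
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a boot-code hash, the partition table and a signature check."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_SIZE]
    partitions = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE)
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[BOOT_SIG_OFFSET:BOOT_SIG_OFFSET + 2] == BOOT_SIG,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings describing how `current` deviates from `baseline`."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        findings.append("boot code changed: %s... -> %s..." % (
            base["boot_code_sha256"][:16], cur["boot_code_sha256"][:16]))
    for b, c in zip(base["partitions"], cur["partitions"]):
        if b != c:
            findings.append(f"partition entry {b['index']} changed")
    return findings


def build_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a sector from boot code and (status, type, lba_start, sectors) tuples.

    Constructed helper so the demo has data to work on; a real check reads the sector
    from disk instead (see the __main__ block).
    """
    if len(boot_code) > BOOT_CODE_SIZE or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFFSET + i * PART_ENTRY_SIZE,
                         status, b"\x00\x00\x00", ptype, b"\x00\x00\x00", lba_start, sectors)
    sector[BOOT_SIG_OFFSET:] = BOOT_SIG
    return bytes(sector)


# Constructed "known good" MBR: a short bootstrap stub and one bootable NTFS-type (0x07) partition.
CLEAN_MBR = build_mbr(
    boot_code=b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_SIZE - 8),
    partitions=[(0x80, 0x07, 2048, 1_000_000)],
)

# Constructed "tampered" MBR: the first instruction becomes a short jump (EB 3E) into
# attacker-controlled code while the partition table and signature stay intact, so the
# disk still boots but execution is diverted before the OS loads.
TAMPERED_MBR = b"\xeb\x3e" + CLEAN_MBR[2:]


if __name__ == "__main__":
    # To check a live disk, replace TAMPERED_MBR with the first sector of the device, e.g.
    #   open(r"\\.\PhysicalDrive0", "rb").read(512)   # Windows, run as Administrator
    #   open("/dev/sda", "rb").read(512)               # Linux, run as root
    # and use a sector captured from a trusted image as the baseline.
    for finding in compare_mbr(CLEAN_MBR, TAMPERED_MBR) or ["no deviation from baseline"]:
        print(finding)
```

Comparing the boot-code hash rather than the raw bytes is deliberate: a baseline taken from a golden image can be stored as a 64-character string in an inventory, and the partition entries are compared field by field so a legitimately resized volume shows up as a partition change, not as a bootkit.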

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique                      ID          Count
  Persistence      Pre-OS Boot                    T1542       1
  Persistence      Bootkit                        T1542.003   1
  Defense Evasion  Pre-OS Boot                    T1542       1
  Defense Evasion  Bootkit                        T1542.003   1
  Discovery        System Information Discovery   T1082       1

Tasks