General

  • Target

    b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2

  • Size

    14.0MB

  • Sample

    240526-eftnbsef92

  • MD5

    07c12f253c2eb528a7ce50a45459b56d

  • SHA1

    f26bd6e51fe41a1dbf5e25a0b5e7131f2cc2fe64

  • SHA256

    b23cb07410639298a3fbdd3d04872c97732c1949968903feabc9d6f8d6439af2

  • SHA512

    e9fd384857a4b5b85415087479d76e1681104440de2f5ab0b381e1e2f9487e455fbe511c657abf6ab9e8d1c29916ebe80531b1df6fea62ee619040778ba8a9f0

  • SSDEEP

    196608:bOLauYdxpOWdSOE2phiZ0/wONHLDrd6TYPQo8V+8Cs6cpqVVymDdh+yESGIqDMaL:CLBYdS6SUhQcwALDMXnIVnECatIZW

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies boot configuration data using bcdedit

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Defense Evasion

  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1

Tasks