General

  • Target

    d6dfdb332623e9be79855681dd84c8234174ba900c93970d8574523516b11aeb

  • Size

    5.3MB

  • Sample

    240526-fnttqsfh3y

  • MD5

    4439dea6e261e089e18103c9ffd48541

  • SHA1

    63c49802bc7f338cb0a5fd3a0d29d6a88c6f251d

  • SHA256

    d6dfdb332623e9be79855681dd84c8234174ba900c93970d8574523516b11aeb

  • SHA512

    38527c707bfd2dbe33064bdbcd59db62e445461e2475e9dfe3026bf232eb37a3a6d185f3244c29fd30f69deb2c46cb04ffa7dff618a40e4bad6ea4b8ecbfe32b

  • SSDEEP

    98304:GN/SSxn5D1cKNn1q5hwtiC5exhnSH2nLlalo/iwd9xaEDHr9gfrXx36T:GN/SoVNtA59Vjiwd9xaEDHrYrB3E

Malware Config

Targets

    • Target

      d6dfdb332623e9be79855681dd84c8234174ba900c93970d8574523516b11aeb

    • Size

      5.3MB

    • MD5

      4439dea6e261e089e18103c9ffd48541

    • SHA1

      63c49802bc7f338cb0a5fd3a0d29d6a88c6f251d

    • SHA256

      d6dfdb332623e9be79855681dd84c8234174ba900c93970d8574523516b11aeb

    • SHA512

      38527c707bfd2dbe33064bdbcd59db62e445461e2475e9dfe3026bf232eb37a3a6d185f3244c29fd30f69deb2c46cb04ffa7dff618a40e4bad6ea4b8ecbfe32b

    • SSDEEP

      98304:GN/SSxn5D1cKNn1q5hwtiC5exhnSH2nLlalo/iwd9xaEDHr9gfrXx36T:GN/SoVNtA59Vjiwd9xaEDHrYrB3E

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Tasks