General

  • Target

    ff6c8d6c806b4dfcff3daf2fa40f542ed61dc249a34efedce0e54383b6296e02

  • Size

    7.1MB

  • Sample

    240526-fwh27sgb71

  • MD5

    28a8316f1ba25e6d8ffc896d1a91b581

  • SHA1

    608a0c078062256f4c6862eb9a8c4af628e35661

  • SHA256

    ff6c8d6c806b4dfcff3daf2fa40f542ed61dc249a34efedce0e54383b6296e02

  • SHA512

    6ef3a0b7701a07c12018da4e6efd18ac5777e144bc0c71acd4bec66ea83f010d01fd9139b20b83fc5d4ad7ce518131fe48eef7076fba329b1e1a4ef0725bc1cf

  • SSDEEP

    98304:EbGkSM3n+WYFSLUhjquhPf6anUQRRLu6C+YTF3q9SzNx06evtwL485wFal6Ma:YGKn5ovhjLFSan1ugYXNYOLZN8

Malware Config

Targets

    • Target

      ff6c8d6c806b4dfcff3daf2fa40f542ed61dc249a34efedce0e54383b6296e02

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Pre-OS Boot (T1542): 1 hit
    Bootkit (T1542.003): 1 hit

  • Defense Evasion

    Pre-OS Boot (T1542): 1 hit
    Bootkit (T1542.003): 1 hit

  • Discovery

    Query Registry (T1012): 1 hit
    System Information Discovery (T1082): 2 hits

Tasks