General
Target: Atomic.exe
Size: 5.7MB
Sample: 240526-m8cvaagh69
MD5: 2d3298af0929b57dbb134a5b007a104a
SHA1: 176bdf1ea1361b45d405bc9a767cda0f14d65b4f
SHA256: 685d34d66d6361756ff4cc66270dbafe519b2c8abf0642d08a5541e4e097ba39
SHA512: 8b866c9395eb6b668e94c702742c66bfe2576cf8c5c8cf72bcfb471165c1e082d774e131159a9f1a49006675118c03e1e5ceacd60fe032945a5a874e9b8f5334
SSDEEP: 98304:nabOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrTlC:ncObAbN0j
Static task: static1
Behavioral task: behavioral1
Sample: Atomic.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target
Atomic.exe
Score: 8/10

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.