General
Target: 360_Total_Security_2024.rar
Size: 74.2MB
Sample: 240604-qadwgahb44
MD5: cf60ee74a0732a33a5c9b39c18a8385f
SHA1: 7638d304c6d429002f85c53a84fd91437402a79e
SHA256: 37aec8a62eff59f3a184e37da2ea6655a045b980d931144867495434d8b73316
SHA512: 43c4179fb8d754cb851d017c33db9545e5f3a8c1c3760ea013be65ae432fc3cdd02ca094e930256ba64a9de947512c51c8e4381d00b34e64f072bbc37fe991e3
SSDEEP: 1572864:HEtnr+9xN+s7A+sGqyLvgxqfRgpnvpMg6y5qrNOiVbPS5H:HEtmN+smeLv7RkhMg1qrNXVLw
Static task: static1
Behavioral task: behavioral1
  Sample: 360_Total_Security_2024.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 360_Total_Security_2024.exe
  Resource: win11-20240508-en
Malware Config
Targets
Target: 360_Total_Security_2024.exe
Size: 75.3MB
MD5: 5a4e8b3eeba192362dabcf3ef134e4e9
SHA1: d53afbf16be35472f74b56979a173d2d1b695110
SHA256: 93c9f1615c70cbd0897ff1dadb7c03a14a28aebf684c298580d7343165507197
SHA512: 25d416b46caa0b2e5fe22355e40851e6c24d46e99b8e3f1ede2e20d40864bf7bffe3fa7aaa7d2a29bca1de0152ec449131bae503dbec9292263eccfcb1fce137
SSDEEP: 1572864:TQ7AhrChR+kJbI0o2MOYYpzu0eSFq7uYzLdE/FcUFHslnLcUl6PdBeJ/6wL:Ushe2kVI0o2VneSFq7zzCFJFUnv4Ki
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 3
  Registry Run Keys / Startup Folder: 3
  Event Triggered Execution: 1
  Change Default File Association: 1
  Pre-OS Boot: 1
  Bootkit: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 3
  Registry Run Keys / Startup Folder: 3
  Event Triggered Execution: 1
  Change Default File Association: 1
Defense Evasion
  Modify Registry: 5
  Pre-OS Boot: 1
  Bootkit: 1
  Subvert Trust Controls: 1
  Install Root Certificate: 1