General
Target: 360TS_Setup (2).rar
Size: 86.9MB
Sample: 240604-qbakfahb63
MD5: a57dae9ee159cd2acb1dc9dafc528434
SHA1: 1731437c8445bee8edcf4fb29f9bef25008f7114
SHA256: f013b340c491377731eac4ce471c2eb25e069552807802dcef1a7cc3b98ce97e
SHA512: 533b3f6ae63a6c1023ddd9d29c5b82f627b01f411d0c48c9c900bcafc29e8a46467c0004b7d147d40f86a20dd4416a390617b17fb5d8104c6d42bfacdbfd75e8
SSDEEP: 1572864:wZm/2IPpozwLiXx7/Mg5fIG/NCozsJ9l8FUUoq9PX55h3UjTLOfwBXy64ii:wkzPpozwL+CG/NC4K8WHkPX58jsFii
Static task: static1

Behavioral task: behavioral1
Sample: 360TS_Setup (2).exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: 360TS_Setup (2).exe
Resource: win11-20240419-en
Malware Config

Targets
Target: 360TS_Setup (2).exe
Size: 87.9MB
MD5: ec961af9be76a1a6fd8a9424b735f139
SHA1: 06baca9428e925a6178668408279a8ba80cb1885
SHA256: 56949ef6fb9bd315a4becb68e77c3f6957614153439459ed0bdb6df5829790c2
SHA512: fab7c1132bca45722f127708895e2f49a950984ea8552d5024f7f91302732bce245ee4a177446684b8985bac1239cea853e4a9249f20af5f947e497f3d9104af
SSDEEP: 1572864:6eG9mtbsUyPSg8UiTKVDeE4CdAf8PC2djNQCcz6d5uIrxaXyiYgq56:LbsUyhNZ5l4CAU62HQCRu+EiVgV
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Sets service image path in registry
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (3)
    - Registry Run Keys / Startup Folder (3)
  - Event Triggered Execution (1)
    - Change Default File Association (1)
  - Pre-OS Boot (1)
    - Bootkit (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (3)
    - Registry Run Keys / Startup Folder (3)
  - Event Triggered Execution (1)
    - Change Default File Association (1)
- Defense Evasion
  - Modify Registry (4)
  - Pre-OS Boot (1)
    - Bootkit (1)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)