General
- Target: 360TS_Setup.rar
- Size: 86.8MB
- Sample: 240604-qczwqagf8z
- MD5: 1996e1a375d8e7dced97bf3884862a0e
- SHA1: 5d21e4b45a8a5fbdd36ceb38a02fb0c17c2b1285
- SHA256: 95cd166bcad8a487dfc29080f0d432439b30ce2207698e52c3cde0b3d85e5b9a
- SHA512: c1bfcfa555268e4f45b4dc65a1efae484f2b380508b6877fa5bca9078544a604b78fc489cbf9d8029a5ad8a23bd14148f006635b82495176baedf5c43dc84323
- SSDEEP: 1572864:t6AvUTSz5qMkd3oqc+ea46KVn9Yh/H5v5w0bF3wWJ6DHIg+/mExchKz7YjFy:8AvIS2ch76welfbF3D8+uEGYzWy
Static task: static1
Behavioral task: behavioral1
  - Sample: 360TS_Setup.exe
  - Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  - Sample: 360TS_Setup.exe
  - Resource: win11-20240508-en
Malware Config
Targets
- Target: 360TS_Setup.exe
- Size: 87.8MB
- MD5: e382377a3861ca7b82f49f169cf402bd
- SHA1: 095dbe0ec7f0ddca38797e66ca2fac4de49ff92c
- SHA256: d3ccfcaec15b8d4cf98c10d2c1d3e3020c995a121f67819ceb40a1bf1fffd3a6
- SHA512: 7b74a44ba2f9c7a071250359713ef562da93bd1377d96bcde209d0b03d9960de1af3fdc0417101c12e01043a73b693ea4d13d1cc1e0ed256b1e86b312295ad07
- SSDEEP: 1572864:Gw4xRxg+x8lTDspJUvhzfQ4/TDlB9aBUzev9p6e5YxENUEQqPr:eRxg+x85DspSpzI4DPY5Y8xQqj
Signatures
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Sets service image path in registry
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
- Checks for any installed AV software in registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies Installed Components in the registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (4)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (4)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Defense Evasion
- Modify Registry (5)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)