General
Target: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448
Size: 97KB
Sample: 240611-x7anmsydqk
MD5: 0cc1b41982eecb7533bac9d6e4dcc697
SHA1: c3718bb311c5a93d1cce4e36270da40e8ba0d7c4
SHA256: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448
SHA512: 7472f1d09d30ebc98f61f4dcdb33c8162e5b264a9b6869fda10b18c83eb95dc0953fdee21abc2b970189ea662c145a228d91359df6d8104454e7929a1bb43256
SSDEEP: 3072:IK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0p:Il6XYeel6GGGVO
Static task: static1
Behavioral task: behavioral1
  Sample: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448.exe
  Resource: win10v2004-20240426-en
Malware Config
Targets
Target: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448
Size: 97KB
MD5: 0cc1b41982eecb7533bac9d6e4dcc697
SHA1: c3718bb311c5a93d1cce4e36270da40e8ba0d7c4
SHA256: 20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448
SHA512: 7472f1d09d30ebc98f61f4dcdb33c8162e5b264a9b6869fda10b18c83eb95dc0953fdee21abc2b970189ea662c145a228d91359df6d8104454e7929a1bb43256
SSDEEP: 3072:IK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0p:Il6XYeel6GGGVO
Score: 9/10
- Detects executables containing base64 encoded User Agent
- UPX dump on OEP (original entry point)
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)