General
-
Target
wps_office_inst.exe
-
Size
5.5MB
-
Sample
240612-kxwf5swhqr
-
MD5
374f077b74762d300c35b62947d9738e
-
SHA1
316f2577ac4e911543fc6fc1279034952d5f0f84
-
SHA256
45ee781e271d0483d777a55544ccd44a9490ad26f533dc89816c068adb61ccb6
-
SHA512
dc580db7a7d2cf4c4d3b24e5375762048d6feddd00f3201b7f2236634b6c5d909f6833056a82a318b15876a28de2aafa22e8e0d99c2960d1a3e15a02972dc60b
-
SSDEEP
98304:3eF0/sAT4mGfckjASn3ZCto1N1BpxgTuiN54AR6K8OU/ha27:sSsATN+V3k0pxMkAR8ZN
Static task
static1
Behavioral task
behavioral1
Sample
wps_office_inst.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
wps_office_inst.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
wps_office_inst.exe
-
Size
5.5MB
-
MD5
374f077b74762d300c35b62947d9738e
-
SHA1
316f2577ac4e911543fc6fc1279034952d5f0f84
-
SHA256
45ee781e271d0483d777a55544ccd44a9490ad26f533dc89816c068adb61ccb6
-
SHA512
dc580db7a7d2cf4c4d3b24e5375762048d6feddd00f3201b7f2236634b6c5d909f6833056a82a318b15876a28de2aafa22e8e0d99c2960d1a3e15a02972dc60b
-
SSDEEP
98304:3eF0/sAT4mGfckjASn3ZCto1N1BpxgTuiN54AR6K8OU/ha27:sSsATN+V3k0pxMkAR8ZN
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Pre-OS Boot
1Bootkit
1Event Triggered Execution
1Change Default File Association
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Event Triggered Execution
1Change Default File Association
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1