General

  • Target

    6924d0f8c283eaf70578ff7f704acb7a51fd022f87d50d133fef31acb1195686

  • Size

    5.2MB

  • Sample

    240612-q611wa1cnn

  • MD5

    a255c9e6a2bb059252fb98c556357102

  • SHA1

    65c6fd7aa09cdafd35b583f3beac05e33158578a

  • SHA256

    6924d0f8c283eaf70578ff7f704acb7a51fd022f87d50d133fef31acb1195686

  • SHA512

    aea432c1dd4fde77df2fa503fea6d9e0052f77a91797ebed2a8a311fead76f4bfb3b661e0527610f6bb287434daffa16a461377d2d34e7310994e07064eee033

  • SSDEEP

    98304:MXWL95fDNHhWVYIRLns5R5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:MXWLNBWaIlnWHRWcfbQAIxf9IK

Malware Config

Targets

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the first sector of the disk runs before the OS and any endpoint security software load, so it is invisible to defences that start later in the boot process. This is the behaviour mapped to Pre-OS Boot: Bootkit (T1542.003) in the matrix below. Legitimate partitioning and boot-manager tools also write the MBR, so confirm that the bootstrap code (bytes 0 to 445) changed, not only the partition table, and preserve a copy of the first 512 bytes of the disk before remediating.
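The check described above, written out as an added example (this is not code from the report or the sandbox vendor): parse a 512-byte MBR into its bootstrap code and partition table, then compare a disk's current sector with a known-good copy and report whether the bootstrap code or only the partition table changed. The sample sectors, the "clean" prologue bytes and the tampered patch are constructed for the example and have nothing to do with the hashes on this page.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445: bootstrap code executed by the BIOS
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the bootstrap code
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass(frozen=True)
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def is_valid_mbr(sector: bytes) -> bool:
    """True if the sector is 512 bytes and ends with the 0x55AA boot signature."""
    return len(sector) == MBR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> Tuple[bytes, List[PartitionEntry]]:
    """Split an MBR into its bootstrap code and the in-use partition-table entries."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_first, type_id, _chs_last, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if type_id == 0:  # unused slot
            continue
        entries.append(PartitionEntry(status == 0x80, type_id, lba_start, sectors))
    return bytes(sector[:BOOT_CODE_SIZE]), entries


def build_mbr(boot_code: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a 512-byte MBR; used here only to construct sample sectors."""
    if len(boot_code) > BOOT_CODE_SIZE or len(partitions) > 4:
        raise ValueError("bootstrap code too long or too many partitions")
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if p.bootable else 0x00, b"\x00" * 3,
                    p.type_id, b"\x00" * 3, p.lba_start, p.sectors)
        for p in partitions)
    return (boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
            + table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
            + BOOT_SIGNATURE)


def _to_ranges(indices: List[int]) -> List[Tuple[int, int]]:
    """Collapse sorted byte offsets into half-open [start, end) ranges."""
    ranges: List[List[int]] = []
    for i in indices:
        if ranges and ranges[-1][1] == i:
            ranges[-1][1] = i + 1
        else:
            ranges.append([i, i + 1])
    return [(s, e) for s, e in ranges]


def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Compare a disk's current MBR with a known-good copy of the same disk.

    A change confined to the partition table is what repartitioning tools
    produce; a change inside the bootstrap code is the bootkit signal.
    """
    base_code, base_parts = parse_mbr(baseline)
    cur_code, cur_parts = parse_mbr(current)
    changed = [i for i in range(BOOT_CODE_SIZE) if base_code[i] != cur_code[i]]
    return {
        "boot_code_changed": bool(changed),
        "changed_ranges": _to_ranges(changed),
        "partition_table_changed": base_parts != cur_parts,
        "partitions": cur_parts,
    }


# Constructed sample data (not taken from the sample on this page): a clean MBR
# whose bootstrap begins with the usual cli / xor ax,ax / mov ss,ax / mov sp,7c00
# / sti prologue, and one NTFS partition starting at LBA 2048.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
CLEAN_PARTS = [PartitionEntry(bootable=True, type_id=0x07, lba_start=2048, sectors=204800)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, CLEAN_PARTS)

# Hypothetical tampered copy: the entry point is replaced by a jump and a 16-byte
# stub is written into previously unused bootstrap space (both values invented).
_t = bytearray(CLEAN_MBR)
_t[0:3] = b"\xe9\xfd\x00"                  # jmp rel16 to a hypothetical stub
_t[0x100:0x110] = bytes(range(0x10, 0x20))  # hypothetical stub bytes
TAMPERED_MBR = bytes(_t)

if __name__ == "__main__":
    print(diff_mbr(CLEAN_MBR, TAMPERED_MBR))
```

On a live host the `current` sector is the first 512 bytes read from the raw disk device (`\\.\PhysicalDrive0` on Windows with administrator rights, `/dev/sda` on Linux as root) and the baseline comes from a pre-incident image of the same disk. On GPT/UEFI systems the MBR is only a protective stub and the firmware does not execute its bootstrap code, so a write there is still worth investigating but does not by itself give the attacker pre-OS execution.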

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique (ID)                           Sub-technique (ID)                              Count
  Persistence           Create or Modify System Process (T1543)  Windows Service (T1543.003)                     1
  Persistence           Pre-OS Boot (T1542)                      Bootkit (T1542.003)                             1
  Privilege Escalation  Create or Modify System Process (T1543)  Windows Service (T1543.003)                     1
  Defense Evasion       Impair Defenses (T1562)                  Disable or Modify System Firewall (T1562.004)   1
  Defense Evasion       Pre-OS Boot (T1542)                      Bootkit (T1542.003)                             1
