General

  • Target

    654ec1b0f069965200d518da38e327d7512d4622448860231d61524f18a824fa

  • Size

    5.2MB

  • Sample

    240612-qyfd7szhnl

  • MD5

    d14dac4cc9f4c9689478a1f7353514c8

  • SHA1

    0bf45066011653d2dd9754ffe98af4bf7142073d

  • SHA256

    654ec1b0f069965200d518da38e327d7512d4622448860231d61524f18a824fa

  • SHA512

    4a0aca4f75895a9e4c5c825f8c3dd40dbd127e7e70879c46b4632435e9b508e207d0892774f703f940510e441494396a00847e294d7320bb8927561a301b9d54

  • SSDEEP

    98304:pXWL95fDNHhWVYIRLns5R5rhRNb0cE+SA8tNmef9ycNBg8RCkR5:pXWLNBWaIlnWHRWcfbQAIxf9IK

Malware Config

Targets

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1

Defense Evasion

  • Impair Defenses (T1562): 1
    • Disable or Modify System Firewall (T1562.004): 1
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Tasks