General

  • Target

    2024-06-12_6e30d4e845d590111302e350b847791d_bkransomware_karagany

  • Size

    1.8MB

  • Sample

    240612-sfx8eazanc

  • MD5

    6e30d4e845d590111302e350b847791d

  • SHA1

    d58bf8f05a93d5cb31fa9ce297f3ff77262f1dc8

  • SHA256

    fc3cd301f0ff15fcdc1a608aa0f4bade2345205f96f982a19f8ff0a06db6b017

  • SHA512

    61ba2a9f8090d88526023d9c0d4afccb2f8b05da64c3b454a05354de2f45cdd8061ddeb80910de919efb0e43e353199d1415a4e44995559017a9372e6cfeb61a

  • SSDEEP

    24576:ePPuyt09l71Xl65v+JmJuyOC3dCasolj5PRU9xW5Q7wQA5iF7k814QGl6ezyUtKO:e3uyt0/6mmpwK5X5Q7nS3Jt4SfRXach

Malware Config

Targets

    • Target

      2024-06-12_6e30d4e845d590111302e350b847791d_bkransomware_karagany

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                            Count  ID
  ---------------------  -----------------------------------  -----  ---------
  Persistence            Boot or Logon Autostart Execution    1      T1547
  Persistence            Registry Run Keys / Startup Folder   1      T1547.001
  Persistence            Pre-OS Boot                          1      T1542
  Persistence            Bootkit                              1      T1542.003
  Privilege Escalation   Boot or Logon Autostart Execution    1      T1547
  Privilege Escalation   Registry Run Keys / Startup Folder   1      T1547.001
  Defense Evasion        Modify Registry                      1      T1112
  Defense Evasion        Pre-OS Boot                          1      T1542
  Defense Evasion        Bootkit                              1      T1542.003
  Discovery              System Information Discovery         2      T1082

Tasks