General

  • Target

    2e0d83227e225edc8af7fce8d053fff44355464c70aeb48f1290da18e2909f7f

  • Size

    1.6MB

  • Sample

    240612-v6xqnsxcnp

  • MD5

    3647d2bb3ee34a4244e4cfc7bdd5c219

  • SHA1

    f72bec4db0ac810a6cb57f7ea3d5ace7e2b832cd

  • SHA256

    2e0d83227e225edc8af7fce8d053fff44355464c70aeb48f1290da18e2909f7f

  • SHA512

    eb7ed9749e69a75f105436c7745d9b2ae456ae52cb0e522b8dd882c83f318ffdf1e316be61fa4a1f54400c52117fbf25cf9f6f3c351da0b58ec9b94e685e239f

  • SSDEEP

    24576:RUolrU/JboM0lO/lm2nNPYs/9WHy5gCkIurDsD7eXGzLervxqA9vrEH7e3:dl4/BvOMm2nhL/9UyGDsD7SGzLezUI

Malware Config

Targets

    • Modifies AppInit DLL entries

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1
