General

Target: WinRAR-Archiv (neu) (2).rar
Size: 1.4MB
Sample: 240612-wx6snaydlk
MD5: b7be5a5aae49f249ee312439bb70493c
SHA1: d010a23cffeb011b63908fb793e31087f4ff35e5
SHA256: 8bdb5fc2e050c3ad42a6ec38b857a784857335f947c7894f5114945b15588bb7
SHA512: 147091fcea84428ba5a7577e4d032346bb400720763676d1a4dc307e0979d0176d71429c17e45025e4b5ec66943a55b59ee46fb260c1f855e600876b400372fe
SSDEEP: 24576:mHGe41ekIm2yi/shHPLWqbyBXqHm9KvOHVdW6X1WsUY068NA7Ue6oD:mHGH7Im2yi0hvLWqbDHm421dWxsv0PNC

Behavioral tasks

Task         Sample                        Resource (sandbox image)
behavioral1  WinRAR-Archiv (neu) (2).rar   win7-20240611-en
behavioral2  Bitmap2.exe                   win7-20240221-en
behavioral3  ColorCs.exe                   win7-20240220-en
behavioral4  MS 0735.6+7421.exe            win7-20240419-en
behavioral5  RingHeads32.exe               win7-20240611-en
behavioral6  TEST.exe                      win7-20240611-en
behavioral7  TEST1.exe                     win7-20240220-en
behavioral8  destr3ktdows.exe              win7-20240611-en
behavioral9  dhjfxtyyz0.exe                win7-20240508-en

Malware Config

Targets

Target: WinRAR-Archiv (neu) (2).rar
Size: 1.4MB
MD5: b7be5a5aae49f249ee312439bb70493c
SHA1: d010a23cffeb011b63908fb793e31087f4ff35e5
SHA256: 8bdb5fc2e050c3ad42a6ec38b857a784857335f947c7894f5114945b15588bb7
SHA512: 147091fcea84428ba5a7577e4d032346bb400720763676d1a4dc307e0979d0176d71429c17e45025e4b5ec66943a55b59ee46fb260c1f855e600876b400372fe
SSDEEP: 24576:mHGe41ekIm2yi/shHPLWqbyBXqHm9KvOHVdW6X1WsUY068NA7Ue6oD:mHGH7Im2yi0hvLWqbDHm421dWxsv0PNC
Score: 3/10

Target: Bitmap2.exe
Size: 449KB
MD5: e6fde1d03e517023456a524254a4ab1c
SHA1: 18cc63ea206412e6e95e930e3c907d9e4ccdc828
SHA256: 17c3a80b3b0b77c77132e17ae27372cf7f34bc2ffbdbdaa9026286fd04ced3ef
SHA512: 31a2f65c7b69da483c96bf0b57397ee318b1035dc165835b26a07e14918b5e02e4494a1f6552182fdb0ed8c2bf3adab4a899fb1716ec51b90d7875f327906d45
SSDEEP: 3072:f+0q7Do7FBdCGPVHzzgd2HPVVf9AebuLFfK9s7I/mkltK4L6INgDd9zqi3lhai6t:f+0kDUrak9gorrUq6ai3lx/
Score: 8/10
Signatures:
  - Disables RegEdit via registry modification
  - Disables Task Manager via registry modification
  - Executes dropped EXE
  - Adds Run key to start application
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: ColorCs.exe
Size: 356KB
MD5: 064731f13b394e422bd0efe9e90f4e11
SHA1: 7dad29243267bf00c2f2a471977f3414334d7e1a
SHA256: c17a9219955b64f8787fc34f53391c921457307bc077419af0b848d64a4544a4
SHA512: 413a30376a28ff631a08c176370920726501f43bccaaf0e6cade769d0cee1a7cc48885e756978d8c41e43af8a5d62dde30ce8cefc40e3679f8c3d18d1083ed9e
SSDEEP: 3072:Qu3oxns7CGPVHzzgd2HPVVf9AebuLFfK9s7IaRxNgD6NZb5T9aaJQtF5HUkIG9yp:fYxqrak9gorux6Cht9eUkkht95Ukq/
Score: 8/10
Signatures:
  - Disables RegEdit via registry modification
  - Disables Task Manager via registry modification
  - Executes dropped EXE
  - Adds Run key to start application
  - Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Drops file in System32 directory

Target: MS 0735.6+7421.exe
Size: 171KB
MD5: b13850aceaf6c1ee66c61bc94135fa25
SHA1: f23280f6bec2f097ddf77b97bb19b643a2c5a80b
SHA256: ae2a43a7d58e9766fac59032ba1ecf1df7866ce5bc09b879c6bb111036789ed2
SHA512: d4344edb6e4a460e162169e5621fbf851538c70c6489cca034d1600c3a9a677e8cfa0607e464ea8de3a22066928f540833bc10bf18ae3b1ec7e9147c0d3a897b
SSDEEP: 3072:GCmnJfQORyjZZcmGl40SWY6iEmoQVuMl:GlfQOGQcDVrl
Score: 8/10
Signatures:
  - Disables Task Manager via registry modification
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: RingHeads32.exe
Size: 923KB
MD5: 588737b0ad63cd1c3b367b6769f8f3d2
SHA1: 4f13cd9d31b619f95afa05325d61be54a7b0ba24
SHA256: da6422cd3f07ce7379c0304640e20d4d0be8d3f7c4cb3f4c715b9e162c51dbe4
SHA512: e6e0050e272378059845cc51199df2493245f0ebbc7ab5a2ccc1deea02cb37865b7003a1f903d6452ed1d1029c0a27bfd7cd8667d6565a563e08e869b7855f90
SSDEEP: 12288:eyXDNXQoPpYxmppnkuYDhpYwOccrgB3VNn4WcW73VG7Cjv/56VHB1EZZY45R9OZT:p5Dm8nCb9OrriY/y3Vxv/5i70Z/lMj
Score: 10/10
Signatures:
  - Disables Task Manager via registry modification
  - Executes dropped EXE
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry

Target: TEST.exe
Size: 61KB
MD5: 1fc7057e3a64fb047aa9563f31b37523
SHA1: 20840be5360448889dc7d2a61b29d82ec7ff922f
SHA256: e9e653de560c457f3955f7dbdb4384b3cb938fc800cbfa2d0f298d1d1ff4d259
SHA512: 14d1e60fe35bb87f3ee3202609b9505c7496633f0365f425ac2f9df4afa6d13b4fafa97f79a9fadb5e09c9a8cac7508bc17b249ba0d8633ac4220899ae11f623
SSDEEP: 1536:KEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7Ulnouy8B+IR2Lp:8B9wUGYQN2XD6UdYoutB+IEl
Signatures:
  - Drops file in System32 directory

Target: TEST1.exe
Size: 61KB
MD5: 17652b12276e49894bd809c94046c026
SHA1: a11ead44c1a6d22cb76b48a33e86aff12368e7cb
SHA256: a44f5ce561a6a1f40210df4069da321e8150092a2dd6d3d2189e3e13945cf66d
SHA512: b0824d4d3cf3b8ad2ed8b58607f3cc10f70fc21cb841511598ead0847acdac73f631176dc1fa4c89b3c1383b19097c828d765afe0665b5b451d62de70f3b6b3d
SSDEEP: 1536:nEiBwAw/cGYQi1y2QNAx1FcLD12Qs7yGVd7Usnouy8yIR2Lp:dB9wUGYQN2XD6UdJoutyIEl
Score: 10/10
Signatures:
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry

Target: destr3ktdows.exe
Size: 50KB
MD5: 411304a605b942a2f111831782bc5fca
SHA1: e56ed02610f213390bf3e445a87e458f23f037ed
SHA256: 50deeaa3b874d665af30c6f574fe3715e7693636228d19f22c99dd43705373c3
SHA512: f986e3a3ffbb7840f1c129ac99846fbee1b939b9addadc0b73ab6c1c39266d492af3f112d8f19b0e9662710afc33537766a490fa7f14d27c3eff0b2afea83d85
SSDEEP: 384:DvTTvzABJKYpcu3LlKeTmkm0xoQ8npKQD9DCN6D7zrt:Dvf7sJKYpcu33bxoQ+v5D7P
Score: 8/10
Signatures:
  - Disables Task Manager via registry modification
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: dhjfxtyyz0.exe
Size: 287KB
MD5: bbc99b4ceb03acc5ee62058fd456da45
SHA1: a64b4305b041d32d1f4701183ae02f495bbd9911
SHA256: cdbec8af54e3f82ae6c1339abf33186ee47d8e0a320e9c2fbee8e5f2ac13d090
SHA512: bd281d750d23b77ef4835ad2db8c03fbdadca3c52de412e27e843073f582a7e0020629bed140439863d36fed79a1f9b77ea4431440d0340258e69430c85cc88a
SSDEEP: 3072:JFWheprUakbY8QcSwQProQOrjOsGdMbnruHKO0qdYJOqKRoLIRR:MWrh6DQcSLTmrjOsGOb9O0qdFqKqs
Score: 8/10
Signatures:
  - Disables Task Manager via registry modification
  - Writes to the Master Boot Record (MBR)
    Bootkits write to the MBR to gain persistence at a level below the operating system.

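Five of the nine dropped executables are flagged for writing to the MBR. On a disk image from an affected host the corresponding check is short: read sector 0, confirm the 0x55AA boot signature, hash the 440 bytes of bootstrap code against a baseline taken from a clean machine of the same build, and sanity-check the partition table. The script below is an added example, not code from the sandbox or from any of the samples. The three sectors it examines are constructed in-line (a clean layout, the same layout with replaced boot code, and a zeroed sector); the partition geometry and the disk signature are made up.

```python
"""Parse a 512-byte MBR image and flag the tampering a bootkit or MBR wiper leaves behind.

Added example for this report (not the sandbox's code). The sample sectors below are
constructed in-line; on a real case, read sector 0 from a forensic image instead.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code
DISK_SIG_OFFSET = 440      # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partitions(sector: bytes) -> List[Partition]:
    """Return the non-empty entries of the primary partition table."""
    parts = []
    for i in range(4):
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_sha256(sector: bytes) -> str:
    """Hash of the bootstrap code only, so a baseline survives partition-table edits."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def assess_mbr(sector: bytes, baseline_boot_sha256: Optional[str] = None) -> List[str]:
    """Return findings in a fixed order; an empty list means nothing looked wrong."""
    if len(sector) != MBR_SIZE:
        return ["sector is %d bytes, expected %d" % (len(sector), MBR_SIZE)]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if sector[:BOOT_CODE_LEN] == bytes(BOOT_CODE_LEN):
        findings.append("boot code is all zeros (wiped)")
    elif baseline_boot_sha256 and boot_code_sha256(sector) != baseline_boot_sha256:
        findings.append("boot code differs from baseline (possible bootkit)")
    parts = parse_partitions(sector)
    if not parts:
        findings.append("partition table is empty")
    elif not any(p.bootable for p in parts):
        findings.append("no partition carries the 0x80 active flag")
    for p in parts:
        if p.lba_start == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR)" % p.index)
    return findings


def build_mbr(boot_code: bytes, entries: List[bytes]) -> bytes:
    """Assemble a constructed MBR for demonstration; not taken from any real disk."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code or partition table too large")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\x11\x22\x33\x44"   # made-up disk signature
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 64] = b"".join(entries) + bytes(16 * (4 - len(entries)))
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def entry(bootable: bool, type_id: int, lba_start: int, sector_count: int) -> bytes:
    """One 16-byte partition entry with zeroed CHS fields."""
    return struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, type_id, lba_start, sector_count)


# Constructed "known good" sector: the opening XOR AX,AX / MOV SS,AX / MOV SP,7C00h of a
# typical x86 boot sector, zero-padded, plus one active NTFS (type 0x07) partition at LBA 2048.
CLEAN_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c", [entry(True, 0x07, 2048, 204800)])
BASELINE = boot_code_sha256(CLEAN_MBR)
# Same partition table, but the bootstrap code has been replaced (here by JMP $ and NOPs).
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 32, [entry(True, 0x07, 2048, 204800)])
# Sector zeroed out entirely, as a destructive MBR wiper leaves it.
WIPED_MBR = bytes(MBR_SIZE)

if __name__ == "__main__":
    for label, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("wiped", WIPED_MBR)):
        print(label, assess_mbr(img, BASELINE) or ["ok"])
```

On a live Windows host the same 512 bytes come from \\.\PhysicalDrive0 opened with administrative rights, or from offset 0 of a raw image. A GPT disk carries a protective MBR in sector 0 with a single type 0xEE partition, so the baseline hash has to be taken per disk layout, not per OS build.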
MITRE ATT&CK Matrix (ATT&CK v13)

The number beside each technique is the count of signature hits mapped to it across the behavioral tasks; sub-techniques are indented under their parent.

Execution
  Scheduled Task/Job                      3
  Command and Scripting Interpreter       2
    PowerShell                            2
  System Services                         2
    Service Execution                     2

Persistence
  Boot or Logon Autostart Execution       2
    Registry Run Keys / Startup Folder    2
  Pre-OS Boot                             5
    Bootkit                               5
  Scheduled Task/Job                      3
  Create or Modify System Process         2
    Windows Service                       2

Privilege Escalation
  Boot or Logon Autostart Execution       2
    Registry Run Keys / Startup Folder    2
  Scheduled Task/Job                      3
  Abuse Elevation Control Mechanism       2
    Bypass User Account Control           2
  Create or Modify System Process         2
    Windows Service                       2

Defense Evasion
  Modify Registry                         13
  Pre-OS Boot                             5
    Bootkit                               5
  Abuse Elevation Control Mechanism       2
    Bypass User Account Control           2
  Impair Defenses                         4
    Disable or Modify Tools               2
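The four registry-based signatures in the target list (Disables Task Manager, Disables RegEdit, Adds Run key, Sets desktop wallpaper) are each a rule over registry set-value events, and the matrix above tallies them under Modify Registry, Impair Defenses / Disable or Modify Tools and Registry Run Keys / Startup Folder. The script below is an added example, not the sandbox's own rule definitions: the rules are my approximation of what those signatures look for, tagged with the ATT&CK technique each corresponds to (T1562.001, T1547.001 and, for the wallpaper change, T1491.001 from the Impact tactic, which lies beyond the part of the matrix shown). The event records, process IDs, file paths and value names are constructed to resemble a trace; the one edge case it handles on purpose is a later write of DisableTaskMgr = 0, which re-enables Task Manager and must not count as a hit.

```python
"""Map registry-write events from a sandbox trace onto the signature names used in this report.

Added example, not the sandbox's rule definitions. The events are constructed in-line.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Patterns run against a lower-cased key path with single backslashes and a short hive name.
POLICY_SYSTEM = r"\\microsoft\\windows\\currentversion\\policies\\system$"
RUN_KEYS = r"\\microsoft\\windows\\currentversion\\run(once)?$"
DESKTOP = r"\\control panel\\desktop$"


@dataclass(frozen=True)
class Rule:
    signature: str
    technique: str                     # ATT&CK technique ID
    key_pattern: str                   # regex matched against the normalised key path
    value_name: Optional[str] = None   # None means any value name under the key
    require_nonzero: bool = False      # fire only when the written DWORD is non-zero


RULES = [
    Rule("Disables Task Manager via registry modification", "T1562.001",
         POLICY_SYSTEM, "disabletaskmgr", True),
    Rule("Disables RegEdit via registry modification", "T1562.001",
         POLICY_SYSTEM, "disableregistrytools", True),
    Rule("Adds Run key to start application", "T1547.001", RUN_KEYS),
    Rule("Sets desktop wallpaper using registry", "T1491.001", DESKTOP, "wallpaper"),
]

HIVE_ALIASES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm",
                "hkey_users": "hku", "hkey_classes_root": "hkcr"}


def normalise_key(key: str) -> str:
    """Lower-case the path, collapse the hive to its short form, strip stray separators."""
    key = key.strip().strip("\\").lower()
    hive, _, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive, hive)
    return hive + "\\" + rest if rest else hive


def _is_nonzero(data) -> bool:
    """True for a DWORD (or its textual form such as '0x1') that is not zero."""
    if isinstance(data, bool):
        return data
    if isinstance(data, int):
        return data != 0
    if isinstance(data, str):
        try:
            return int(data, 0) != 0
        except ValueError:
            return False
    return False


def match_event(event: Dict) -> List[Rule]:
    """Return every rule a single set-value event satisfies (reads and deletes never match)."""
    if event.get("op") != "set_value":
        return []
    key = normalise_key(event["key"])
    name = str(event.get("value", "")).lower()
    hits = []
    for rule in RULES:
        if not re.search(rule.key_pattern, key):
            continue
        if rule.value_name is not None and name != rule.value_name:
            continue
        if rule.require_nonzero and not _is_nonzero(event.get("data")):
            continue
        hits.append(rule)
    return hits


def summarise(events: List[Dict]) -> Dict[str, Dict]:
    """Collapse a trace into one line per signature, as the report does, keeping the evidence."""
    out: Dict[str, Dict] = {}
    for ev in events:
        for rule in match_event(ev):
            slot = out.setdefault(rule.signature, {"technique": rule.technique, "evidence": []})
            slot["evidence"].append("{}\\{} = {!r}".format(ev["key"], ev.get("value", ""), ev.get("data")))
    return out


# Constructed events resembling what a sandbox logs for a sample that disables Task Manager and
# RegEdit, registers a Run key and swaps the wallpaper. Paths, names and PIDs are made up.
SAMPLE_EVENTS = [
    {"pid": 1234, "op": "set_value", "type": "REG_DWORD", "data": 1,
     "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
     "value": "DisableTaskMgr"},
    {"pid": 1234, "op": "set_value", "type": "REG_DWORD", "data": "0x1",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
     "value": "DisableRegistryTools"},
    {"pid": 1234, "op": "set_value", "type": "REG_SZ",
     "data": "C:\\Users\\Admin\\AppData\\Roaming\\updater.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "updater"},
    {"pid": 1234, "op": "set_value", "type": "REG_SZ", "data": "C:\\Users\\Admin\\wall.bmp",
     "key": "HKCU\\Control Panel\\Desktop", "value": "Wallpaper"},
    # Must not fire: re-enabling Task Manager, and a read (not a write) of the Run key.
    {"pid": 1234, "op": "set_value", "type": "REG_DWORD", "data": 0,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
     "value": "DisableTaskMgr"},
    {"pid": 5678, "op": "query_value",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "OneDrive"},
]

if __name__ == "__main__":
    for sig, info in summarise(SAMPLE_EVENTS).items():
        print("%s [%s]" % (sig, info["technique"]))
        for line in info["evidence"]:
            print("    " + line)
```

The Run-key rule deliberately matches any value name, because the persistence entry's name is attacker-chosen; the two policy rules, by contrast, require a non-zero DWORD so that a cleanup write of 0 is not reported as tampering. Real sandbox exports differ in field names, so the `op`, `key`, `value` and `data` keys here are an assumption to adapt.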