General
Target: var.exe
Size: 18.8MB
Sample: 240614-v9pt8szgkd
MD5: 6698607b344b047affb9f66a6179ac4a
SHA1: 0dc3ef2cd2ffe3a4c52c6fd01a5501d7b84ae8d6
SHA256: a12cb2d529a95798160114bdb6fb389553d3cc1d8bd10a5c8295d5a0c74e257c
SHA512: 9cc65d4b81fd0462b415ecb6cd978b48b23e0665eaf6b51348be8060f93e16a900a7a32e3560b9f3ef49c3f226f6b43e6962d1fc1ca90206f12186837c53fcbe
SSDEEP: 393216:IzMgOJRWTBOoNKzgDBxPo4qzTR/lxzQWfrbjlPmJ4gAYCSOXIfbjWp:CMgOJRWT5K0xPdqzhQWTbxeJ4OIXYWp
Static task: static1
Behavioral task: behavioral1
Sample: var.exe
Resource: win7-20240508-en
Malware Config
Targets
Target: var.exe
Size: 18.8MB
- Creates new service(s): installs a Windows service, a standard persistence mechanism (see the ATT&CK mapping below).
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger so that its debug events are no longer delivered, a common anti-analysis technique.
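The "Writes to the Master Boot Record (MBR)" behaviour flagged above is one an incident responder should confirm on disk rather than take from the sandbox alone. The following Python is an added example, not code from the Triage report or from the sample: it parses a 512-byte MBR, checks the 0x55AA boot signature and the four partition-table entries, and compares the 440-byte bootstrap region against a known-good hash, which is how a bootkit write to sector 0 shows up forensically. Every sector used below (the clean baseline, the tampered copy, the partition layout) is constructed test data, and `read_mbr` is a hypothetical helper for reading a real device or image.

```python
"""Parse and baseline-check a 512-byte Master Boot Record.

Added example for the "Writes to the Master Boot Record (MBR)" behaviour
flagged in the report above; not code from the sandbox or from the sample.
All sector bytes below are constructed test data, not output of var.exe.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code, the part a bootkit replaces
PART_TABLE_OFF = 446         # four 16-byte partition entries at 446..509
BOOT_SIG_OFF = 510           # 0x55 0xAA at 510..511
BOOT_SIGNATURE = b"\x55\xaa"
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY_FMT = "<B3xB3xII"


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def read_mbr(path: str) -> bytes:
    """Hypothetical helper: read sector 0 of a raw device (e.g. \\\\.\\PhysicalDrive0) or image."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sector(boot_code: bytes, partitions, signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Assemble an MBR from parts; used here only to construct test sectors."""
    if len(boot_code) > BOOT_CODE_LEN or len(signature) != 2:
        raise ValueError("boot code too long or bad signature length")
    buf = bytearray(SECTOR_SIZE)
    buf[: len(boot_code)] = boot_code
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_ENTRY_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    buf[BOOT_SIG_OFF:] = signature
    return bytes(buf)


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only, so partition edits do not trip the baseline."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(sector: bytes) -> List[PartitionEntry]:
    """Decode the four partition-table slots, skipping empty (type 0) ones."""
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return entries


def check_mbr(sector: bytes, baseline_hash: Optional[str]) -> dict:
    """Compare a sector against a known-good boot-code hash and sanity-check its layout."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    signature_ok = sector[BOOT_SIG_OFF:] == BOOT_SIGNATURE
    if not signature_ok:
        findings.append("boot signature 0x55AA missing: not a valid MBR")
    code_hash = boot_code_hash(sector)
    modified = baseline_hash is not None and code_hash != baseline_hash
    if modified:
        findings.append("bootstrap code differs from baseline: possible bootkit")
    partitions = parse_partitions(sector)
    if sum(p.bootable for p in partitions) > 1:
        findings.append("more than one partition marked active")
    return {
        "signature_ok": signature_ok,
        "boot_code_sha256": code_hash,
        "boot_code_modified": modified,
        "partitions": partitions,
        "findings": findings,
    }


# Constructed baseline: a classic "xor ax,ax / mov ss,ax / mov sp,0x7C00" prologue
# padded with NOPs stands in for real Windows boot code, plus one active NTFS partition.
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 24
CLEAN_PARTITIONS = [(True, 0x07, 2048, 204800)]
CLEAN_MBR = build_sector(CLEAN_BOOT_CODE, CLEAN_PARTITIONS)
BASELINE_HASH = boot_code_hash(CLEAN_MBR)

# Constructed tampered sector: bootstrap code replaced, partition table and 0x55AA
# left intact so the machine still boots, which is exactly what a bootkit needs.
TAMPERED_MBR = build_sector(b"\xEB\x3C\x90" + b"BOOTKIT-STAGE0", CLEAN_PARTITIONS)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sector, BASELINE_HASH)
        print(name, "MODIFIED" if result["boot_code_modified"] else "ok", result["findings"])
```

On a live host, read sector 0 from the raw device with administrative rights and take the baseline hash from a clean golden image of the same Windows build and disk layout, since bootstrap code differs across versions and OEM tooling. The check deliberately hashes only the first 440 bytes: the disk signature and partition table change legitimately, and a bootkit that keeps them intact is the case the report's signature is describing. It says nothing about the VBR or UEFI boot path, which need their own baselines.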
MITRE ATT&CK Matrix (ATT&CK v13; the number after each technique is the count of matching signatures)
Persistence
- Create or Modify System Process (T1543), 2: Windows Service (T1543.003), 2
- Pre-OS Boot (T1542), 1: Bootkit (T1542.003), 1
Defense Evasion
- Impair Defenses (T1562), 1: Disable or Modify System Firewall (T1562.004), 1
- Pre-OS Boot (T1542), 1: Bootkit (T1542.003), 1