General

  • Target

    0c04e64639cde58906cbbd105a40737d236a1008ee3f5a0a89463c75aaffa197

  • Size

    1.7MB

  • Sample

    240615-w93xja1bld

  • MD5

    22aa9226f12b7b5d8f8b30af62c9d846

  • SHA1

    284c91ddb076dc85c4c54f301de7097ed65baed7

  • SHA256

    0c04e64639cde58906cbbd105a40737d236a1008ee3f5a0a89463c75aaffa197

  • SHA512

    ecae2a961c5a53b55b58ff81f54893d4401513ca06038d86dcfe58d55a5a85fb689e2b19fffe5f76bf94bfc47aba09d2a1869fc884ad5c7c1b67c717630406ff

  • SSDEEP

    49152:wd0Ik85pNzmDH86hXS2eQPfzSdQEZn3W2XWx9mf/kx:r85p6H8gSPQUrnG2XWHmm

Score
7/10

Targets

    • Target

      0c04e64639cde58906cbbd105a40737d236a1008ee3f5a0a89463c75aaffa197

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix (ATT&CK v13)

Each tactic lists the techniques observed, with the technique ID and the number of matching signatures.

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1
  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1
  • Pre-OS Boot (T1542): 1
  • Bootkit (T1542.003): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2
