General

  • Target

    64972fe0da09081ef0d7e670413bbb03.bin

  • Size

    1.4MB

  • Sample

    240617-b41vrssfqj

  • MD5

    0bda7b04aaa302f5c46c667486f2b5f4

  • SHA1

    02f0a1428a12faee9be4bb6c02e0d3250b364bfc

  • SHA256

    25917f328fd91a2f54b6155697f8118346cc8f732d289db667d4eca402903893

  • SHA512

    f248959abf777e6926003d2eb4f3fc77d798d6a2335aa9d58cb8865da35a30a1b862923405a09a1ecbe8ea553d258f87aea01a12b0efa7d115525b8e9a8ee012

  • SSDEEP

    24576:huyZWgy8f9r6sEEFNSK71KMZ0Wxdbf/Y2bKMhEzpPfIc5jGe9+E75EMEvyf2ll:pWSf9esE2v1KMZt/lEz1fHGe9+E75Iy8

Malware Config

Targets

    • Target

      6d27a4abf0b2438f8d5cf4f6ada7798be1b8208d36674705252c631dd6f844e9.exe

    • Size

      1.5MB

    • MD5

      64972fe0da09081ef0d7e670413bbb03

    • SHA1

      0b42848a45e3c890613e46bb647efb39c19d6cb1

    • SHA256

      6d27a4abf0b2438f8d5cf4f6ada7798be1b8208d36674705252c631dd6f844e9

    • SHA512

      c72be206fe7d3832b93af5b250f7ebe2f55c5690462604ee4c693915254c739da193609c34d1124cbd10e64b88447eb8c5099e1324a023a2565b5e4e0aa76ba7

    • SSDEEP

      24576:JTcPTNrdAcGwqV4aUxuxWQMnGVrZ58wrU02Q/CH+lHRm3nYJlX:INrKcGwqLUxuxWQMS3IbiS+p6nYTX

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    • Score

      3/10

    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    • Score

      3/10

    • Target

      $PLUGINSDIR/SkinBtn.dll

    • Size

      4KB

    • MD5

      e4ec95271ff1bcebab49bdfed6817a22

    • SHA1

      2c03e97f4773aea80ecdb98a1482e5896fe4677b

    • SHA256

      ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

    • SHA512

      771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

    • SSDEEP

      48:iIf3aEDfeWm8JHFQbUrUPJJDFoetaxn/pFW3GNivz187eqzI/kMr8oX0Zbj:lv9Dfw8DQbhD2iaxn/PHmiNI/dQFZH

    • Score

      3/10

    • Target

      $PLUGINSDIR/SkinProgress.dll

    • Size

      4KB

    • MD5

      cc037c4703d3ec257efeef2ce0a1a20e

    • SHA1

      b3d6cc8f687a31fb2c1a5921a38de9429af20502

    • SHA256

      888b32ecbc37ce67d4edc28d894cba0a4f4e2488cfc2212d1af011bd0bfe97ff

    • SHA512

      120bfa0a68775bef04c1863023b0e73a41982284fb36da7f497fbb7d5ed8631ad02fa09951424d339f6fefaa90a17c12f949dd68bb33bad64b1b7cace489d2a7

    • Score

      3/10

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/WndProc.dll

    • Size

      3KB

    • MD5

      f0cb331dd4bd92a6ebce45e7cd1cf5ef

    • SHA1

      b66ea0c10b08750295f2dc7c170b370402393214

    • SHA256

      e7b3115fa2ce4a8fa09beeefa4fb634a474197f38a2854ce9be60d0a26016458

    • SHA512

      7c33418f39b91ae0d4cc8b560f516bac293593eef539832815028878c2058bf1691c2d767a039cf312989839071f2f6f0b6d9d59835acdfff6b448bf1ffea271

    • Score

      3/10

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    • Score

      3/10

    • Target

      MouseHook.dll

    • Size

      32KB

    • MD5

      65e642f3bb79e29178688872b4a10110

    • SHA1

      46c97a21de9823b2f7b72f6498da2be29168716c

    • SHA256

      93a9a7fd3e263959a0d6a19936300b3ce25bf528f49a687e385a6ad168dedb69

    • SHA512

      ffa95cc5ed5f39c58a5c75e7b82f98a9570babc1fefdb43af835f4b8176ccc54a263ea51600bc8e3447b7d432f6f571115ddebd9933f4098d9de9fbf32b9a3d6

    • SSDEEP

      768:PHr78zW8XvCBcaxXoAapGai292OKqFqRt7+Bq:PL78zW8fCWa9C2OKqFI7Sq

    • Score

      1/10

    • Target

      PrintScreen.exe

    • Size

      97KB

    • MD5

      e7500f0da2dbe54afc6b55ce9cb8cbd1

    • SHA1

      fda607e52c0f84baca873393f5c556ed4cefb388

    • SHA256

      b73a30538dac24ce73e9e7baa5e6d51e92f6b70d477d7349e1c5f1d2dd3995e0

    • SHA512

      4009978f8ae0f06ce486413582e25169d74fc676e96fb32734751e2c7ec0cce38bb367e721884ee1d8d69f726c3f191cc5eb2ecba0b47c1cbeb763116054939c

    • SSDEEP

      3072:+CpseI3XMsSFVPJsVnWOIkqOOgz5zBz5z+R:+KI3XMsSnPCnnXqOOb

    • Score

      1/10

    • Target

      gamebox.exe

    • Size

      1.3MB

    • MD5

      e3b9eb80454af79599c7921741cca862

    • SHA1

      e127c45748667c325cc7db327728e19a6439c576

    • SHA256

      9627dacd4cba7a4a7ff107d96e037b20367ad21cbd9f8fddec6d006a1172df38

    • SHA512

      0f3d5105f94e414ff872534bef72705b9941081c0df9a79163fcfb66196216b7b2923ed3db46899e06972c4ae4756c5bdeaa9066c71dfa59358e71d7148fd928

    • SSDEEP

      24576:oThecuUBs2D+MoGcPlLgKaslRTM0yInTBlzIhhB2YEZ8GvkTvN29BTcuQjvi:oThD+RDLlz+hB2YEGGcTlinQjvi

    • Score

      1/10

    • Target

      tabGame.exe

    • Size

      514KB

    • MD5

      3be916538ed732acd95a48e167567884

    • SHA1

      cfaf3ff172c91f7da8095a76f0956184d0c37895

    • SHA256

      2c2a0a24378274cbc825c33df18ac331cbc5500f3d17deafe0c5537da6f9a410

    • SHA512

      2af7a39ae6a8a1a2c99b65b4775a1fafa38280de88810565c4e63b74f8ee4c0f047e2ef7f860095368c7ffbf2e13b93586b1eadcd91ddb57801c0c6443103bf7

    • SSDEEP

      6144:AyfZO3pL9HO/DIFClLuI9W79VlWHm4oLc7YPngLXhHIFuFszQCTcNBV:A33pLnClNOd4oLKYPng7honTcN7

    • Score

      1/10

    • Target

      uninst.exe

    • Size

      1.9MB

    • MD5

      90c57149c6bb8a6c99f561b4e1ccc608

    • SHA1

      d20a35ae806b42f62b17e4d48899d9715a519c98

    • SHA256

      7d2322f80c0c60135bd2fef4d180eee70266eac624d49aa16db757320198d203

    • SHA512

      3ba8c7056ec8b960f0776fae1b6593d2bc8460156b34a1f469561325daf031b680b9cbbec99516d88f92e753e141c9b9388ba9efdde92b6b41cf8e5a21fbbf01

    • SSDEEP

      6144:0e34wCTcFedpWdvqeWi9J1qR5fssLG47ASWLfBM5Ez64NErXDr1R8Dw5c1mx:OTcMWd0gaG0WbBMuz64WjFrx

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks