General
-
Target
2024-08-08_3781ce7aa4b0516d0d34e319426f1171_moonbounce_ryuk
-
Size
14.6MB
-
Sample
240808-yslm2ayell
-
MD5
3781ce7aa4b0516d0d34e319426f1171
-
SHA1
bf54422d2de53c4fe1397382ce188ac412e6c668
-
SHA256
e8d786577061f8b771e8dc4327d8a456e5e0aca5de42453672d20842a8413dd9
-
SHA512
af30bfcc8f31af3433ab847b86f566a60b6349f74c55a39c31a3846e53e08c44ae136090f4e1a0d0ec42680890ab4fdc30b8601b2dfd0e44f9bd09ac58049ec7
-
SSDEEP
196608:XyfE81fmwzIbkM3MYpLn90O5DfgIs5mFwFILAifU3WAsaVVKdmls7t:+z1KMYpr9FDfgIw9icmAse
Malware Config
Targets
-
-
Target
2024-08-08_3781ce7aa4b0516d0d34e319426f1171_moonbounce_ryuk
-
Size
14.6MB
-
MD5
3781ce7aa4b0516d0d34e319426f1171
-
SHA1
bf54422d2de53c4fe1397382ce188ac412e6c668
-
SHA256
e8d786577061f8b771e8dc4327d8a456e5e0aca5de42453672d20842a8413dd9
-
SHA512
af30bfcc8f31af3433ab847b86f566a60b6349f74c55a39c31a3846e53e08c44ae136090f4e1a0d0ec42680890ab4fdc30b8601b2dfd0e44f9bd09ac58049ec7
-
SSDEEP
196608:XyfE81fmwzIbkM3MYpLn90O5DfgIs5mFwFILAifU3WAsaVVKdmls7t:+z1KMYpr9FDfgIw9icmAse
Score10/10-
UAC bypass
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution
1Netsh Helper DLL
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
1Pre-OS Boot
1Bootkit
1