General

  • Target

    Winpoison.exe

  • Size

    1.2MB

  • Sample

    240810-wdrjmazgkr

  • MD5

    be12096cef9070ae798a5af8d9fcad51

  • SHA1

    63076c2c2e71b884486b9d7844e4d0e5b04bbaef

  • SHA256

    f0eb7ad85621ef094e965c8fc1d8d21d2cd66ff2bcb2263d0a035c26647916f8

  • SHA512

    5092b069d86c56ac554845c91e6bd928fb4e597207e5885e707751de701aff7231e0de7168b97521a7b356835700f1f15c13dab30cca2b1be1582238fdff574e

  • SSDEEP

    12288:vmB+MU2pN1sj7faqMIROTRVNB/CBSe/ivi3Q0PEJViXhRZvHmm/7CxrWd6TQBoIr:JMU2pN1sj7faqM59CPEJIZvGfQBR

Malware Config

Targets

    • Target

      Winpoison.exe

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks