General

  • Target

    Octane.zip

  • Size

    13KB

  • Sample

    240811-q5kmhawfpg

  • MD5

    4f4c765a8228f1b3ba706a272b5d2469

  • SHA1

    7ab00387bb58fe620ee78c8f9f3411d1588165df

  • SHA256

    e1fb6e9d960db9b5c2135225a02af00222575683cea226ad8f862d357ec3b0c8

  • SHA512

    521c48ee6ba86b56ec7cbb988cb01442ff2c4d6af0ebc117b4272ac2be83790e82281542f71f62d5ba0045953d8d7694d38be0d0e74011f679bdab045f55b39b

  • SSDEEP

    192:6LuWeJBcwl8l0tugXpJQW+V2F00IJ5iBcCzuU9/B5xaXN57nIRVCvW4ZFD2WEjh1:LWAlopq4qF9eGcC44VCvW6Srhf9

Malware Config

Targets

    • Target

      OctaneBootstrapper.exe

    • Size

      55KB

    • MD5

      0e554bfcc718c96302f81f4fefd31163

    • SHA1

      71d976f98658153267d426aa90eed0803b58cfcd

    • SHA256

      cb800cc9a220ac17e8f222b8c33f4afcc92b6d17b5453e19be99705806c32dc2

    • SHA512

      6e8840c0ab09673c90a25cabf3af87322b38bbd6bb25d871c0f65d342e60845bedca50c7fdf1f3fc24bb3a41fe15e22cb4ed9101bc6022b5c2b356c3f1abc1fb

    • SSDEEP

      768:Pva3Z8Jvd0SVFip0FBtiwyRWh+0HVc6K:Pi3ZKLhtifRFMVcl

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Network Share Discovery

      Attempt to gather information on host network.

MITRE ATT&CK Enterprise v15

Tasks