General
- Target: bots.mkv
- Size: 3.7MB
- Sample: 240817-hmxkcawbpr
- MD5: e060a072bfd42c7ac5bcb00834752b87
- SHA1: b595268c3a843f985ead80074fdaa90e06d2eb69
- SHA256: 0be479a9f07daedfdb785efa9f3543d947b0f28412de94397c13abb91dd9f377
- SHA512: 66475b55562d2cc2b7ba15ef4a28a8e106866ee5508ac0947d747d8d4dd700c3822e2f6eeab16b7c3e2f7bbcafdaede43dda5267b4812720e6d184b2d7af18c8
- SSDEEP: 49152:8g1Zsb+kJ8itAy4GaLhRVAe69eXDwK0uKWrIdnchPnybwv8+T9p:84uQLx8TWrIdnchabwNT9p
Static task: static1
Behavioral task: behavioral1
- Sample: bots.mkv
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: bots.mkv
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Modify Registry (2)
  - Subvert Trust Controls (2)
    - Install Root Certificate (1)
    - SIP and Trust Provider Hijacking (1)