General
-
Target
bitcomet_setup.exe
-
Size
2.5MB
-
Sample
240818-tvv72avhrm
-
MD5
3cb0739401d24b6bc0c65e337e15c104
-
SHA1
aefca0e1d01e9ffecd8cc2a0c9dc495d6f5fe9d8
-
SHA256
48053935a1b62d13f2a1301d42a3be930bb4718e8476c32b5050512209fdb3bb
-
SHA512
09614a891e2a8bdc00f4ecf717490a5fe3c1f6607d732eddd1c6a31a10a8759d9b17d5d80f2db40c05b502f9c12d5d674321d17dfa22cc7cb6077ae70cd46251
-
SSDEEP
49152:vqe3f6oq1tmZkXd/METL9lzPIu0JrIIpJ6ez0kTkkaQ:SSio4MZkXd/XHP50JrIIyeYWkkaQ
Malware Config
Targets
-
-
Target
bitcomet_setup.exe
-
Size
2.5MB
-
MD5
3cb0739401d24b6bc0c65e337e15c104
-
SHA1
aefca0e1d01e9ffecd8cc2a0c9dc495d6f5fe9d8
-
SHA256
48053935a1b62d13f2a1301d42a3be930bb4718e8476c32b5050512209fdb3bb
-
SHA512
09614a891e2a8bdc00f4ecf717490a5fe3c1f6607d732eddd1c6a31a10a8759d9b17d5d80f2db40c05b502f9c12d5d674321d17dfa22cc7cb6077ae70cd46251
-
SSDEEP
49152:vqe3f6oq1tmZkXd/METL9lzPIu0JrIIpJ6ez0kTkkaQ:SSio4MZkXd/XHP50JrIIyeYWkkaQ
Score9/10-
Contacts a large (18425) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Adds Run key to start application
-
Checks for any installed AV software in registry
-
Checks whether UAC is enabled
-
Downloads MZ/PE file
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
3Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1