General

  • Target

    7ddfa6f44a60f4b894321f6977f8121cfb371c3c61ac872c58ba61fd5ee13deb.exe

  • Size

    781KB

  • Sample

    240821-mlvrkstcmb

  • MD5

    0385a7819daa6375061e698f889327af

  • SHA1

    184a2433958468b58de460d7d1b60592b6ea4ac5

  • SHA256

    7ddfa6f44a60f4b894321f6977f8121cfb371c3c61ac872c58ba61fd5ee13deb

  • SHA512

    b3a01f12e9cec492eb37881c8a8b0aa75493b84b417c5a84ab57b85011e7f4982c6366032ee16f65147d5a63318bef25476a316bc4272ec2b2171501b724704f

  • SSDEEP

    12288:xuvR3QUb4Zk4OwdTGXAG6aORLo5hnyRIA:CzbONdiwOhnU

Targets

    • Target

      7ddfa6f44a60f4b894321f6977f8121cfb371c3c61ac872c58ba61fd5ee13deb.exe

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

Tasks