General
Target: 6ea2344d5c50ab4c480e85fb041f35513e28455acb519d1fa0e30d9ef5bbb8a4
Size: 3.8MB
Sample: 240911-ebsv8s1hqd
MD5: f9627213686ee8e22fcb2d5e1aeb0291
SHA1: 5fc92a11cc7405419982e004347068747c19bc50
SHA256: 6ea2344d5c50ab4c480e85fb041f35513e28455acb519d1fa0e30d9ef5bbb8a4
SHA512: 80e9b66778f785573f3d3e8423db6ef3ab791fbdcc2d9c5c68c5ca7fb521a900548e0607b05d000b58fb37174fc339ad52e0905bf5ef5dfba0f65c27572134ec
SSDEEP: 98304:Ty1MlXVGt2Z6F/BZXxkIaPG1f5ebM/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5Ax9:TSW22sBZBkI7hebM/Cw/khc5FbKEV6PQ
Static task: static1
Behavioral task: behavioral1
  Sample: 6ea2344d5c50ab4c480e85fb041f35513e28455acb519d1fa0e30d9ef5bbb8a4.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 6ea2344d5c50ab4c480e85fb041f35513e28455acb519d1fa0e30d9ef5bbb8a4.exe
  Resource: win10v2004-20240910-en
Malware Config
Targets
Target: 6ea2344d5c50ab4c480e85fb041f35513e28455acb519d1fa0e30d9ef5bbb8a4
Size: 3.8MB
Score: 8/10
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Active Setup (1)
  Pre-OS Boot (1)
    Bootkit (1)
Defense Evasion
  Modify Registry (2)
  Pre-OS Boot (1)
    Bootkit (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)