General
Target: sample
Size: 20KB
Sample: 241001-skypqszeld
MD5: d04f14603c744b072830c58eb605d341
SHA1: 126a361d583250b8d71347c3d6e610659ce7f1cc
SHA256: 1e8e3ef736ff953fafd5d24cfff946b13be0f396b3a3dd4f627a4dbe135ebbd3
SHA512: 849ba12162d36f01f93e445d80941573994b95413741c82fb9a647c5c58501fb9d3c6ab16d67575af1cc6293d80b8f681371267b64032407597f6476a2d07e42
SSDEEP: 384:Q6spa1ocy4m4lbGawMvhpN0uKzF2Jrc2REu4Y0wM1tsa31xCejiw:QM1ocy4VEabJpNDKyrAu4Y0wM1vlxPiw
Static task: static1
Malware Config
Targets
Target: sample
Size: 20KB
Signatures
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Possible privilege escalation attempt
- Executes dropped EXE
- Modifies file permissions
- Legitimate hosting services abused for malware hosting/C2
- Modifies boot configuration data using bcdedit
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Defense Evasion
- File and Directory Permissions Modification (1)
- Modify Registry (1)
- Pre-OS Boot (1)
  - Bootkit (1)