General

  • Target

    gyatt-kai-cenat.png

  • Size

    119KB

  • Sample

    241015-y4p5layhmj

  • MD5

    729b689889265e5ff249f564d3802012

  • SHA1

    f508887fc0d4839e564acccfa40e911a431c16ea

  • SHA256

    a248cd2d982849bf0ccd3db8478e7d2dba29b02d72b027082c1696a541ba1f35

  • SHA512

    9653403fdfafbbdc35c22bddc8e1c2492a7ab2b20259578004a1911299e023860971277ae31a62fe04ad55b3d9565fbcbd277877ef18e81447e4f8955e255c07

  • SSDEEP

    3072:gw6ZwndRt6F2YTYbYtUhzafGM0mQlP2rUZpr:kmXqEbYGdaxQRdXr

Malware Config

Targets

    • Target

      gyatt-kai-cenat.png


    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks