General

  • Target

    bittorrent_installer.exe

  • Size

    1.8MB

  • Sample

    241016-banncayejq

  • MD5

    5ea97449a6e7ccc611061450bbb2b993

  • SHA1

    bb2a46a09ef94591057bfacf7728553a72c45205

  • SHA256

    91c1909249d3722496be27e62d6d0f861c73c418e24337e2d0ec9cf46bd1f0b8

  • SHA512

    cb005db99a05a0e784fe681f25bafb04502f8b26b171afc0fde28a101454e4dc302f67fedb22212095a72f0b362d0a290bc9617e4bf0d09b1a7bbe4f87075cca

  • SSDEEP

    24576:S7FUDowAyrTVE3U5F4u62G9lm3dApk5RxlBMKUiu3mYx+Ud0C1McxE:SBuZrEU8uYgdA6nlKKUXmYxr9mcm

Malware Config

Targets

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Downloads MZ/PE file

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks