General

  • Target

    d786e992aaf87191ec4ccaa8366c92ab094941bf1f0f4ffafd1d05e6b56685ca

  • Size

    9.7MB

  • Sample

    241016-g858yaxbnf

  • MD5

    08a9aeaa5c55fa124e5319c2576c7876

  • SHA1

    54d3f873b2801a0e92906f0decf77cc72acde524

  • SHA256

    d786e992aaf87191ec4ccaa8366c92ab094941bf1f0f4ffafd1d05e6b56685ca

  • SHA512

    1ad92f84339385a622c7560968a08263603280d5c365975e675ee1be6213042beaf8f05c61f2234ed66ba50bca129aec0c0b6c9f1a81fa8c921bb24c7b1c2cb1

  • SSDEEP

    196608:1avyXdJAFvb1awcn246O8BvlintKoZCQAS:1BvAFvb1aHF6OOvCK8QS

Malware Config

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks