General
- Target: 9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4N
- Size: 102KB
- Sample: 241026-dkkesayemg
- MD5: 5af1e1fc0a30541d26d1e37526b7bfe0
- SHA1: bdc1a9d291d67756d2aa6926d08baf65566749af
- SHA256: 9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4
- SHA512: ca1d212041e2e7a4911e14879709be6978b8f0b2af027a24915017db8e05d56aca70b70650f9445c37023e7695182c0e68a0c3710fbcc4248d34fa260734e85a
- SSDEEP: 3072:xK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0px:xl6XYeel6GGGVOn
Static task: static1
Behavioral task: behavioral1
Sample: 9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4N.exe
Resource: win7-20240903-en
Malware Config
Targets
- Target: 9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4N
Signatures
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
  - Pre-OS Boot: Bootkit (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Credential Access
  - Credentials from Password Stores: Credentials from Web Browsers (1)
  - Unsecured Credentials: Credentials In Files (1)