General

  • Target

    Potato_1.exe.vir

  • Size

    79.9MB

  • Sample

    241031-nhrq7axerq

  • MD5

    d2ac273c1e90ac39c362a69dbaf4a560

  • SHA1

    e1c68103117f9325953a604f97aa0dc280ee7b92

  • SHA256

    1a38288d73f845ae6788a60398ad47ed1cdbaaec58c80cc16a45dcd7dbcb9558

  • SHA512

    e28fdfcf047ed79def12bf28f0e4fb2fba85546b7eb333ab44f0aea74fc270fac341e63bf67cc33b2d6569116aa3d52f7e639f1af8823437de42b9a0815b1577

  • SSDEEP

    1572864:8sTO6Viu5K9FnRAfhILfOWyTWyTWyTWyTWyTWyTWyTWyTWyTWysZlSfUoFe:8jcifFnRACLfOWkWkWkWkWkWkWkWkWkU

Targets

    • Target

      Potato_1.exe.vir

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
