General

  • Target: wps_wid.cid-2022066212.1730256530.exe
  • Size: 5.4MB
  • Sample: 241031-q2d1js1kbn
  • MD5: 8fec8eac3a2570f8a84b2a7366466266
  • SHA1: c34f45eb57dfe8af4119f0c596e7449c3d8152cb
  • SHA256: bea582660ded06e641ec50cc0408548da44dae8be466e33cff2e5f7c4a367271
  • SHA512: 5cf3ec2b2aed438d58a3929e9266b3c93afd9561552023e8b82687a8fe1d87b74d7dff88ee38b28031af5112c77b0bbd34c4e2e6b1bac6c0996701e4f9f897f5
  • SSDEEP: 98304:nrI1lEAOYB6RJ2dqW8LZJc+ZQSAA4zJOi6f4s/w0dGw/XM:sXGULEFrcPJzAxf4MFGk8

Targets

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15
