General

Target: wps_wid.cid-2022066212.1730256530.exe
Size: 5.4MB
Sample: 241031-q2d1js1kbn
MD5: 8fec8eac3a2570f8a84b2a7366466266
SHA1: c34f45eb57dfe8af4119f0c596e7449c3d8152cb
SHA256: bea582660ded06e641ec50cc0408548da44dae8be466e33cff2e5f7c4a367271
SHA512: 5cf3ec2b2aed438d58a3929e9266b3c93afd9561552023e8b82687a8fe1d87b74d7dff88ee38b28031af5112c77b0bbd34c4e2e6b1bac6c0996701e4f9f897f5
SSDEEP: 98304:nrI1lEAOYB6RJ2dqW8LZJc+ZQSAA4zJOi6f4s/w0dGw/XM:sXGULEFrcPJzAxf4MFGk8

Static task: static1
Behavioral task: behavioral1
Sample: wps_wid.cid-2022066212.1730256530.exe
Resource: win10v2004-20241007-en

Malware Config

No configuration extracted.

Targets

Target: wps_wid.cid-2022066212.1730256530.exe
Size: 5.4MB
MD5 / SHA1 / SHA256 / SHA512 / SSDEEP: identical to the General section above (the analysed target is the submitted sample itself).
Signatures

Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system: the replaced bootstrap code runs before the Windows kernel and before any security product loads.

Checks computer location settings
  Looks up the country code configured in the registry, most likely a geofence check used to avoid running in certain countries.

Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
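The "Writes to the Master Boot Record" signature only says that sector 0 was written, not what changed. The script below is an added example (not code from the sandbox report or from the analysed sample) that parses a 512-byte MBR, hashes the 440-byte bootstrap area separately from the partition table, and diffs a disk's current MBR against a known-good copy so a bootkit-style code replacement is distinguishable from a harmless disk-signature or partition change. The two MBR images it ships with are constructed test data; the `--live` switch, the device path `\\.\PhysicalDrive0` and the helper names are this example's own choices.

```python
"""Parse a 512-byte MBR and diff its bootstrap code against a known-good copy.

Added example for the "Writes to the Master Boot Record" signature; this is not
code from the sandbox report or from the analysed sample. The MBR images below
are constructed test data. read_live_mbr() opens a raw disk (administrator on
Windows, root on Linux) and is only called with --live.
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440       # bootstrap code precedes the 4-byte disk signature
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"    # bytes 510-511 of a valid MBR


def parse_mbr(sector):
    """Return boot-code hash, disk signature and the populated partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(sector)))
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue          # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline, current):
    """List what differs between two MBR images; an empty list means unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing: sector is not a valid MBR")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("bootstrap code (bytes 0-439) modified: possible bootkit")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code):
    """Construct a synthetic MBR image for testing (not from the analysed file)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # signature + 2 reserved bytes
    # one bootable NTFS-type (0x07) partition: LBA 2048, 204800 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    table = entry + b"\x00" * (PART_ENTRY_LEN * 3)
    return code + disk_sig + table + BOOT_SIG


def read_live_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (needs administrator / root)."""
    with open(device, "rb", buffering=0) as fh:
        return fh.read(SECTOR)


# Constructed baseline: a typical x86 bootstrap prologue padded with NOPs.
BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16)
# Same disk layout, but the bootstrap code has been replaced, which is what an
# MBR bootkit does: the partition table is left intact so the system still boots.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\xcc" * 64)

if __name__ == "__main__":
    print("baseline vs baseline:", diff_mbr(BASELINE_MBR, BASELINE_MBR))
    print("baseline vs tampered:", diff_mbr(BASELINE_MBR, TAMPERED_MBR))
    if "--live" in sys.argv:
        print(parse_mbr(read_live_mbr()))
```

Take the baseline from a clean image of the same build before detonation (or from a golden host) and store only `boot_code_sha256`, since the disk signature and partition table legitimately differ between machines. On UEFI/GPT systems sector 0 holds a protective MBR whose bootstrap area is normally all zeros, so any non-zero code there is suspicious on its own.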
MITRE ATT&CK Enterprise v15 (the number after each entry is the matched signature count)

Persistence
  Event Triggered Execution (T1546): 2
    Change Default File Association (T1546.001): 1
    Component Object Model Hijacking (T1546.015): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1

Privilege Escalation
  Event Triggered Execution (T1546): 2
    Change Default File Association (T1546.001): 1
    Component Object Model Hijacking (T1546.015): 1

Defense Evasion
  Modify Registry (T1112): 3
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
  Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1

Note: Change Default File Association and Install Root Certificate appear in this mapping but have no corresponding entry in the signature list above; review the raw registry events before treating either as confirmed behaviour.
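A host-side check for the Component Object Model Hijacking technique in this mapping (and the signature of the same name above), added here as an example and not taken from the sandbox report or the analysed sample: because `HKCU\Software\Classes` is merged into `HKCR` ahead of `HKLM\Software\Classes`, a per-user `InprocServer32`/`LocalServer32` entry for a CLSID that also exists machine-wide silently replaces the server DLL for that user. The script compares the two hives and flags the mismatches; the sample hives, CLSIDs and paths are constructed test data, and `collect_clsids()` is the example's own Windows-only helper built on the standard `winreg` module.

```python
"""Detect per-user COM registrations that shadow machine-wide ones.

Added example for the Component Object Model Hijacking technique in the mapping
above (and the signature of the same name); it is not code from the sandbox
report or from the analysed sample. The CLSID tables are constructed test data
with made-up CLSIDs; collect_clsids() reads the real hives and only works on
Windows.
"""
import sys

SERVER_KEYS = ("InprocServer32", "LocalServer32")
# Path fragments a machine-wide COM server should not be redirected into.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def collect_clsids(hive):
    """Map CLSID -> {server key: server path} from HKCU or HKLM (Windows only)."""
    import winreg                                   # stdlib, Windows-only module
    root = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}[hive]
    result = {}
    with winreg.OpenKey(root, r"Software\Classes\CLSID") as clsid_root:
        i = 0
        while True:
            try:
                clsid = winreg.EnumKey(clsid_root, i)
            except OSError:
                break                               # no more subkeys
            i += 1
            entry = {}
            for key in SERVER_KEYS:
                try:
                    with winreg.OpenKey(clsid_root, clsid + "\\" + key) as k:
                        entry[key] = winreg.QueryValueEx(k, "")[0]   # (Default) value
                except OSError:
                    pass
            if entry:
                result[clsid.upper()] = entry
    return result


def find_com_hijacks(hkcu, hklm):
    """Return HKCU server entries that differ from the HKLM entry for the same
    CLSID. HKCU\\Software\\Classes is merged into HKCR ahead of HKLM, so a
    per-user entry silently replaces the machine-wide server for that user."""
    machine = {clsid.upper(): entry for clsid, entry in hklm.items()}
    findings = []
    for clsid, user_entry in hkcu.items():
        machine_entry = machine.get(clsid.upper())
        if machine_entry is None:
            continue        # per-user-only class: normal for per-user installs
        for key in SERVER_KEYS:
            user_path, machine_path = user_entry.get(key), machine_entry.get(key)
            if not user_path or not machine_path:
                continue
            if user_path.strip().lower() != machine_path.strip().lower():
                findings.append({
                    "clsid": clsid.upper(),
                    "key": key,
                    "hkcu_server": user_path,
                    "hklm_server": machine_path,
                    "user_writable": any(m in user_path.lower() for m in USER_WRITABLE),
                })
    return findings


# Constructed sample hives (CLSIDs and paths are made up for this example).
SAMPLE_HKLM = {
    "{0000AAAA-1111-2222-3333-444455556666}": {"InprocServer32": r"C:\Windows\System32\example.dll"},
    "{0000BBBB-1111-2222-3333-444455556666}": {"InprocServer32": r"C:\Windows\System32\other.dll"},
}
SAMPLE_HKCU = {
    # same CLSID (lower-case; registry keys are case-insensitive) redirected to a user-writable DLL
    "{0000aaaa-1111-2222-3333-444455556666}": {"InprocServer32": r"C:\Users\victim\AppData\Roaming\upd.dll"},
    # identical path: not a hijack
    "{0000BBBB-1111-2222-3333-444455556666}": {"InprocServer32": r"C:\Windows\System32\other.dll"},
    # per-user-only class with no HKLM counterpart: ignored
    "{0000CCCC-1111-2222-3333-444455556666}": {"LocalServer32": r"C:\Users\victim\AppData\Local\App\app.exe"},
}

if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        hkcu, hklm = collect_clsids("HKCU"), collect_clsids("HKLM")
    else:
        hkcu, hklm = SAMPLE_HKCU, SAMPLE_HKLM
    for hit in find_com_hijacks(hkcu, hklm):
        print("%s %s: HKCU=%s shadows HKLM=%s%s" % (
            hit["clsid"], hit["key"], hit["hkcu_server"], hit["hklm_server"],
            " (user-writable path)" if hit["user_writable"] else ""))
```

Run with `--live` from the user context that detonated the sample, since the hijack lives in that user's hive. Two gaps to keep in mind: 32-bit servers registered under `HKLM\Software\WOW6432Node\Classes\CLSID` need a second pass with `winreg.KEY_WOW64_32KEY`, and CLSID redirection through `TreatAs` or ProgID rewrites is a separate hijack route this comparison does not cover.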