General

  • Target

    54a7df8a91c127c47945b8e01c763eb011d97526feae24d13c473e5534ba331e

  • Size

    5.3MB

  • Sample

    241031-zx5gdasjat

  • MD5

    ada19d5f9a39590e6f399cf54378381d

  • SHA1

    27d387adf7a3300a53dc8c00184227d6403b82e0

  • SHA256

    54a7df8a91c127c47945b8e01c763eb011d97526feae24d13c473e5534ba331e

  • SHA512

    dcaaa66cdd07d08aadace4b3efa12c6e62bdafbfd816d30a6565dc3c0b775902c5d7b620c5bd34949c90758e60bcdc6686410e5832138c494563f443b0c290b4

  • SSDEEP

    98304:F9Ns5TDi1FXQct/iAj185SHiX3vks8Uu50GPxluKMWRhNmAJf/Ds:FgTDi1FXQct/iAj185SCX850ixFRhNXF

Malware Config

Targets

    • Target

      54a7df8a91c127c47945b8e01c763eb011d97526feae24d13c473e5534ba331e

    • Size

      5.3MB

    • MD5

      ada19d5f9a39590e6f399cf54378381d

    • SHA1

      27d387adf7a3300a53dc8c00184227d6403b82e0

    • SHA256

      54a7df8a91c127c47945b8e01c763eb011d97526feae24d13c473e5534ba331e

    • SHA512

      dcaaa66cdd07d08aadace4b3efa12c6e62bdafbfd816d30a6565dc3c0b775902c5d7b620c5bd34949c90758e60bcdc6686410e5832138c494563f443b0c290b4

    • SSDEEP

      98304:F9Ns5TDi1FXQct/iAj185SHiX3vks8Uu50GPxluKMWRhNmAJf/Ds:FgTDi1FXQct/iAj185SCX850ixFRhNXF

    • Downloads MZ/PE file

    • Checks computer location settings

Reads the country/region code configured in the registry, most likely as a geofence check so the sample can abort or change behaviour in specific locales.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

Bootkits write to the MBR so their code runs before the operating system loads, giving them persistence at a level below the OS and its security tooling.
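The behaviour signatures above (registry country-code lookup, Uninstall-key enumeration, COM hijack, exefile association change, MBR write) can be expressed as matches over a process-monitor style event stream. The following is an added example, not the sandbox's own signature code and not anything from the sample: it assumes the registry locations commonly involved (HKCU\Control Panel\International\Geo\Nation for the country code, HKLM\...\CurrentVersion\Uninstall for installed software, HKCU\Software\Classes\CLSID\{...}\InprocServer32 for COM hijacking, Software\Classes\exefile\shell\open\command for the association) and treats a write to \\.\PhysicalDrive<n> at an offset inside the first 512 bytes as an MBR write. The event list is constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed event shape (ProcMon/Sysmon-like); not the sandbox's real schema.
@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    op: str                 # RegQueryValue, RegEnumKey, RegSetValue, WriteFile, ...
    path: str               # registry path or device/file path
    offset: Optional[int] = None  # byte offset for file/device writes

MBR_SIZE = 512  # the MBR occupies the first sector of the disk

# Signature name -> (operations that count, path pattern). Paths are assumptions,
# chosen to match the behaviours listed in the report.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegQueryValue", "RegOpenKey"},
        re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I),
    ),
    "Checks installed software on the system": (
        {"RegEnumKey", "RegOpenKey", "RegQueryValue"},
        re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    ),
    "Event Triggered Execution: Component Object Model Hijacking": (
        {"RegSetValue", "RegCreateKey"},
        # Per-user CLSID overrides shadow HKLM entries: classic COM hijack location.
        re.compile(r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-F-]+\}\\(InprocServer32|LocalServer32)", re.I),
    ),
    "Modifies system executable filetype association": (
        {"RegSetValue"},
        re.compile(r"\\Software\\Classes\\exefile\\shell\\open\\command", re.I),
    ),
    "Writes to the Master Boot Record (MBR)": (
        {"WriteFile"},
        re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I),
    ),
}

def is_mbr_write(ev: Event) -> bool:
    # A raw-disk write only counts as an MBR write if it lands in sector 0.
    return ev.offset is not None and ev.offset < MBR_SIZE

def match_signatures(events: List[Event], pid: Optional[int] = None) -> Dict[str, List[int]]:
    """Return {signature name: [indices of matching events]}, optionally for one pid."""
    hits: Dict[str, List[int]] = {}
    for i, ev in enumerate(events):
        if pid is not None and ev.pid != pid:
            continue
        for name, (ops, pattern) in SIGNATURES.items():
            if ev.op not in ops or not pattern.search(ev.path):
                continue
            if name.startswith("Writes to the Master Boot Record") and not is_mbr_write(ev):
                continue
            hits.setdefault(name, []).append(i)
    return hits

# Constructed sample events: one dropped executable plus a benign explorer.exe read.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
SAMPLE_EVENTS = [
    Event(4120, SAMPLE, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(4120, SAMPLE, "RegEnumKey", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(4120, SAMPLE, "RegQueryValue",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    Event(4120, SAMPLE, "RegSetValue",
          r"HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)"),
    Event(4120, SAMPLE, "RegSetValue", r"HKLM\Software\Classes\exefile\shell\open\command\(Default)"),
    Event(4120, SAMPLE, "WriteFile", r"\\.\PhysicalDrive0", offset=0),          # sector 0: MBR
    Event(4120, SAMPLE, "WriteFile", r"\\.\PhysicalDrive0", offset=1048576),    # later on disk, not MBR
    Event(900, r"C:\Windows\explorer.exe", "RegQueryValue",
          r"HKCU\Control Panel\International\Geo\Nation"),                      # benign reader
]

if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_EVENTS, pid=4120).items():
        print(f"{name}: events {idx}")
```

The pid filter matters in practice: the country-code key is read by plenty of legitimate processes (the constructed explorer.exe event shows this), so a signature such as "Checks computer location settings" is only informative when scoped to the sample's process tree. The MBR rule deliberately ignores raw-disk writes outside sector 0, which otherwise produce false positives from disk utilities.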

MITRE ATT&CK Enterprise v15

Tasks