General

  • Target

    164a2cba7ee46c4726c27441272f23c91481761bd7e8ca5bc0d0b927d7de5c2dN

  • Size

    2.9MB

  • Sample

    241109-sw2wjawlfs

  • MD5

    10f544c327556a8cc4fb61a86d5ea060

  • SHA1

    c9479584d53af8658ce53e15110b90a7d8207e80

  • SHA256

    164a2cba7ee46c4726c27441272f23c91481761bd7e8ca5bc0d0b927d7de5c2d

  • SHA512

    8817dd22865f7cf340398782bf58e45b7eec5db5185f99eb1556d7b0abe5b881d754d2ab75e87827f2b7ba17cdadce90787c4a18ef79a0fb139458a9969e9161

  • SSDEEP

    49152:5v4TlAzB2CWOdtmzYXB1UHO/vAZeBzJbTChxKCnFnQXBbrtgb/iQvu0UHOYU:8yyYz/YZedJ6hxvWbrtUTrUHOYU

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
