General

  • Target

    c6ee5a6349461572d88dc1dafedf2f648e01cafb9a2fab72c3b1b6a4be2fc714

  • Size

    7.4MB

  • Sample

    241110-c4sptsxfmr

  • MD5

    b7fd5e81d82b724c01552e6a00550cf1

  • SHA1

    949ca55249ed05443275fea7397519084f7c05f2

  • SHA256

    c6ee5a6349461572d88dc1dafedf2f648e01cafb9a2fab72c3b1b6a4be2fc714

  • SHA512

    e1df10703891791ad0714b364f1e06458052c8da973631c61ef2506065997769b13dacaa9af800186f3d1581c7cde0009dc6457f34d62572dfb4bfdd7d093450

  • SSDEEP

    98304:EUsE3yp0JsiaQ2HQbPD3mlZ3HYsn+uMfpByzriBkDOHOkOPD6woUMBXfRErb+:T3y+Dv2HQIvnt2zusw1MNfU+

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
