General

  • Target

    199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa

  • Size

    7.4MB

  • Sample

    241111-yp5lqsykck

  • MD5

    d34063e6e56c9a390644ccf674933eb0

  • SHA1

    b6dc56b2f9d3cacc2c614419212bb2d2af1ea270

  • SHA256

    199eabb35b91888f23206ec029e5fa454421f397a5efabefa381547b62a88efa

  • SHA512

    a52d798e7338b21ecc40c034548ff194ced75848d1d9ff6c5542eed2dc7142a44c6802b45c3da66263ef053f561ee90912f0901ecbb04d9c1dfaa8827a7a697c

  • SSDEEP

    196608:9DrJqt+meippi3yokKovdU1FVQqfwAS4O+iX:93megkBGU1AyS/X

Targets

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15