General

  • Target

    Virus2(2).iso

  • Size

    1.5MB

  • Sample

    241112-1xp75avrbm

  • MD5

    4574c69067151fe92985b3ce8f967ce9

  • SHA1

    09b0d4852e19f4ac68d9cc354de9f192dfa329ed

  • SHA256

    c700076cbed01f98864f88477bc438eaa83a5680b094357c34a23966712ed453

  • SHA512

    774bc74e0bfe832f0b57c8e3e738cd0154ca47a00151f9109c5fe43197c4e8a9c50876c5b0a637eeff0c54918a4739f20312430d0a8fb76adb5a8a388e9faf7e

  • SSDEEP

    24576:E7zoWJchffi8qV9GKgjaeCrVZcTNdt7nGGHlOi9E3AAqzM5:E7ki8qVwFBCoNdt7BHlOi9E3AAqzQ

Targets

    • Target

      Chorume.exe

    • Size

      422KB

    • MD5

      9899401ba1c823c128e959d7de3ab5f6

    • SHA1

      7d920fcc6a51b0fb4e66e7024dae1280b56a3297

    • SHA256

      f9cbd2d541ac93c7d573d190fa11614e0d15da6256c5a941725d2bd55b2d6ab9

    • SHA512

      66bd7a34a7229a3d632ae86487fa2dd9ef2cf14e5faffddb5f82ba9243928d8daf50a3151827561b0a587a6850ea7c515434f7de621f2158ccddae217b92fe6f

    • SSDEEP

      6144:siprubKo5yzKaE4EwP0fKb8TvnewbDAbMPQXIKGKg+kfgEHAy0m9N74gGoAGu3:silubKaqW9wuKb8TPeUkN9GKgTfa83C

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Holmium1.01.exe

    • Size

      126KB

    • MD5

      c5bff96cabce5fdaad88d58dfe16ca96

    • SHA1

      8607363137418ebe82c005d6f585f4a385be460d

    • SHA256

      763b04a88559fd1ef98c45c528ea034a646f5a3109512d88ae86b2eae8b10388

    • SHA512

      8280ad4e795b51c2c2ef281c214c74f36fae2f175662af761884d304803a4741a608d99cddbea4903dbc63604750c1cfd3794320bb44d4ce56a5a236ac1cb9b0

    • SSDEEP

      3072:2z/euuBVs2wtfDCXJHrs6JfYjbI/O6YHSDJY4M:auBVyO66Yt

    • Disables Task Manager via registry modification

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Holzer.exe

    • Size

      135KB

    • MD5

      c971c68b4e58ccc82802b21ae8488bc7

    • SHA1

      7305f3a0a0a0d489e0bcf664353289f61556de77

    • SHA256

      cede0b15d88c20bc750b516858f8bf31ee472f6cbd01640840890736c4333cce

    • SHA512

      ff199691c35f2748772410bf454e8b76dd67d892dd76fc87d20b3bbe6c145c6af1685344de636326692df792f55d0fba9a0025a7cf491d0b4e73ff45c3b039d7

    • SSDEEP

      3072:2EYGNIaWY/0kTKxIJXtJ0YCHiQtSetFITTTTTHvvvvvNKB:HN5TKvr9PuKB

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      MEMZ.exe

    • Size

      16KB

    • MD5

      1d5ad9c8d3fee874d0feb8bfac220a11

    • SHA1

      ca6d3f7e6c784155f664a9179ca64e4034df9595

    • SHA256

      3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

    • SHA512

      c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

    • SSDEEP

      192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

    • A potential corporate email address has been identified in the URL: [email protected]

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Monoxide.exe

    • Size

      285KB

    • MD5

      2d86c59f442d667212cf3b69967fe891

    • SHA1

      0d686590ad41c4fff6323c1712f95eb58b628f99

    • SHA256

      6fb7cefd67ceb6573e47e0401f90496fe6c7555c7969120158d65deb1ee75a62

    • SHA512

      955a38631738ac0c01784878e9b62ae589a8651a632c9da425ef6c08ad3e19abe3ae1f2e175a57774a6cb04162dc0eda6889cf8ed9c7040f0c15dc0b0692a0a5

    • SSDEEP

      3072:8ggtCunocB7XmfOZBGpjka+q10UGuBNFndQ8333AlOi9E3AAqgm2Jy6t:TcB7X6OnGpjkyD3nOHlOi9E3AAqgmM5

    • Score

      3/10

    • Target

      Protactinium.exe

    • Size

      43KB

    • MD5

      f6aa0dd947ff84db2c0e991aab776dcc

    • SHA1

      73d377c8d4b7d04ac9fd6c47d74491d76ca6cf6e

    • SHA256

      2ab5f10366ebad9e4af9369730495a6bd48ad278e78f880a54d583024491786d

    • SHA512

      3d81ae0131c6fc531d0592259d5cf7296aa61487de785e5b534a696867ae9ef8abae19aa1b938a62db6492af38829dfdbeb7da0d69ba2253b26cb8dd41d8bc83

    • SSDEEP

      384:1bGThpZmtWqjV0rABs4q56hDLApNEKYZWVOggl6k4+jQukJs0yjW:1bSutWvkBsXqApNTuB/7jeRH

    • Disables RegEdit via registry modification

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      Ruthenium.exe

    • Size

      36KB

    • MD5

      a1f174ce74dbe0e84e2c2964b29de0fd

    • SHA1

      d4dd4b86ec50b2ea2519f5472642d30301e20aa3

    • SHA256

      5066c3a750eb6f07addf5cee1e6b00894c52e1c4fbf1702befcd5ac9bf1d83f3

    • SHA512

      41edeab57b55b74a22ac46814f985a78704b35c14d330d5264765ce9a22d19762659a47cfce13fcef28f322ed0a018976585dd65270690422b64b4860a2ecd31

    • SSDEEP

      384:x6j2tyffbHj9X8EY5Z3absnexUDoRGAGYk2zWfAozcQcgJgyBkAg+jdGb90kGj:SDD9hYbqbhFZkeWoecuiATjXp

    • Disables Task Manager via registry modification

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      tin.exe

    • Size

      439KB

    • MD5

      b3edc0708fb191e2d3016c68585ed31e

    • SHA1

      ab1ce0cb2a819b82206dc1e922e97b284b585d17

    • SHA256

      c9fffa589040d8a6d22285255604948ff3bb3efa7077c776b6b09272bc293b7d

    • SHA512

      77b67f4cf6344f56e20172357831497c6ae4ff57c5a852762437419a7e5819805e10098dc87f90e937cf7603b72a94e6cf66681e1602974355fae8644b2a42dc

    • SSDEEP

      12288:WHt2oRiGYi03velDeWJcqLofSfAuyOrC:c7zoWJchf

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15