General

  • Target

    Mx Woofer.rar

  • Size

    4.3MB

  • Sample

    241113-zqr8gayhrp

  • MD5

    615873e0248a840858cbd8c0eaed621d

  • SHA1

    3d691efcad55768b475a84a57d36fd87a7ef099d

  • SHA256

    fbbc00b62830a07bf3b575daf8e1d041807c94b85bdc62fcab0a7ac6caf31314

  • SHA512

    adc8359892d8f6a887935b364574514b92f5cb5aeb65c1bb22620f4efc380514502a41138062dca1712074cede414d4711138a04a8e8ee196bd199b404eb2c9f

  • SSDEEP

    98304:Ggfc5DAqsa2dy9ebVmu8BF/CICAV+OboTVSLingYQ3sqD3rz:hcR238T/qO8TVujGSn

Malware Config

Targets

    • Target

      MXWoofer.exe

    • Size

      8.1MB

    • MD5

      3b92c15545fdefaaa701250a5006bd32

    • SHA1

      f19eefb54911acdb7d9e24e1a4a8dd7e2c5ca671

    • SHA256

      0f53954a7f1c92ea54bdce10149d9bb1517e629a2a98db4b77d8db1c10938fb2

    • SHA512

      f85fc5866e3a96079a78cefb4e55e976af628f1e76a03e954e1ebed27c43d811be5f744b0416724d57d441e72fa2566cec8ccbb7fd04d62563c1787ae052ebac

    • SSDEEP

      98304:K9fyrBps+nI4Cm5+5OeP9qU4ccBcwHehrDZ/m4hMPB6OSuXQL:KVyrB6MEPqUTcBXHWuCMp6yXQL

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Stops running service(s)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15