General
-
Target
UniSDP_20240330SP_20240708V5.3.0.14.exe.7z
-
Size
81.3MB
-
Sample
241121-nnxjmawmhk
-
MD5
7492a41ed5eb8e616fdfb03ddc3d7732
-
SHA1
bb570a324312eb84eac09ef6d15bb38d4bffd6fb
-
SHA256
d73e40b366acfd7adebc7d90ef7762f8d8e8e80f44265dc135b02c3701cd75be
-
SHA512
d86822851c210ada7036ad733ac7954e3b2ac94b47eaa38348a4842d8900e8660a41f598cc97a48ed99651b128057ddf80440dbb777271af215e64ee16cd0426
-
SSDEEP
1572864:6g+/9N6HKgIMApwk1dE6D1XDR47l4rd1NlwYncLTQ2B9B2:p+loHBIMA2k1dEq1X+7l4x72YeTQUo
Malware Config
Targets
-
-
Target
UniSDP_20240330SP_20240708V5.3.0.14.exe
-
Size
82.0MB
-
MD5
825e920d558d1cd51625f626a17f7611
-
SHA1
877fff845dc7b4c82f1c60612b1bc838214e7143
-
SHA256
1721cc210c60da50a27d4502eb7b513bd0c104f8fff7954cdd0d3fe451acacd1
-
SHA512
420cfe52a5a6a3409212240fc562dac7ff4d5b96569aa9784a8d9f834468d3fc033b017d8b541ad9d02782e85d9dc3869d1912fe55091202c9d31e719f88a88f
-
SSDEEP
1572864:kB3u04SAfmX1fygZTtu6lwWJfDb48CeMbmdMSpx4qX:kBe5SmmX16gZTtZlwaDb4/tqdPx4
Score10/10-
Modifies firewall policy service
-
Drops file in Drivers directory
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Indicator Removal: Clear Windows Event Logs
Clear Windows Event Logs to hide the activity of an intrusion.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
2AppInit DLLs
1Component Object Model Hijacking
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
2AppInit DLLs
1Component Object Model Hijacking
1Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Safe Mode Boot
1Indicator Removal
1Clear Windows Event Logs
1Modify Registry
3Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1Install Root Certificate
1