General
Target: 9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef
Size: 4.8MB
Sample: 241122-fryl4a1kbm
MD5: afae6de1734adf4d3f2f771d0dcd29ab
SHA1: 176f4cec23d9c252384906384ae06420d12cdaf5
SHA256: 9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef
SHA512: 0d6e3bc9dac5aa5b99caf2af20c7f5a3825d3f4482a1b7157d1e9d97c3af8763229f7737b953787decc46db7cf63a9fe1e8b97f3a56a8b7ea1fe37d8c63de8b6
SSDEEP: 98304:Ogtuj9fv6/BZXxkI4PG1f5eLM/Cw/khc5FbKEQ26PVR7m6gZ1MRGNCyI5AxV300m:3iuBZBkIhheLM/Cw/khc5FbKEV6PVR7p
Static task: static1
Behavioral task: behavioral1
Sample: 9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 9a891c9f5af6ee82167e5bda6995d6c283f4c5d0972d2f349e5d7ac4f20545ef
Size: 4.8MB
Score: 8/10
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Active Setup (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Defense Evasion
- Modify Registry (2)
- Pre-OS Boot (1)
  - Bootkit (1)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)