General
- Target: wangnengjs-winoencxans_1.1.0.6.rar
- Size: 48.0MB
- Sample: 241122-jjhgpawqdx
- MD5: 58fa0086af74d7ab7cf18439978ba4a2
- SHA1: 61d2fbfb534da85c7828f0d15dce59a9f84897f9
- SHA256: 86c3abe07a3671d4e1e9738e45792755c017b2122b3111d29a2e5d39d8126b89
- SHA512: 18c8d9d6fad757b9cba511781cea4005fdfe246872d14e26524e306641bfe0ed1e44ae0ced7bc9817616a60b63a9c34a14402fb2a9cb2fc5c51eebdc354237b6
- SSDEEP: 786432:Fvk3n4zAOW+QyCpl8cUzDzXLQbNi+QTKn1D71s8/VDplnbjKiqrZpcvXAkqMEFGJ:9k3EA9NGzXLwIk71siyiIpcPAkq/FyZ
Static task: static1
Behavioral task: behavioral1
- Sample: wangnengjs-winoencxans_1.1.0.6.msi
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: wangnengjs-winoencxans_1.1.0.6.msi
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: wangnengjs-winoencxans_1.1.0.6.msi
- Size: 50.9MB
- MD5: 143b59cd302d0ca40f146ba53aaaaad5
- SHA1: a8a5345e19b20500b62629f14060aefc883e3b52
- SHA256: 4a68bdfa3e31a8c063bbf94469160eb7998a556027d5ad33f37c347a71c2d3a4
- SHA512: f0ee06942a41d51dceb3dd5d512dad6f3380f1ade868807f7134c0607d195e8e4eac979dc2559aa6976eb0d0ff654dded10b9c647188fca206cff287298a1b90
- SSDEEP: 1572864:ONd1Bl1AJnKNldB6ZCUu6ofwyEICAf3u1ihUsMhMG:ONd1Blzd0ZX3QC03u11sMe
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Installer Packages (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Installer Packages (1)
Defense Evasion
- Modify Registry (1)
- Pre-OS Boot (1)
  - Bootkit (1)
- System Binary Proxy Execution (1)
  - Msiexec (1)