Resubmissions

22/11/2024, 08:09

241122-j2e5aasrgr 7

22/11/2024, 07:41

241122-jjhgpawqdx 6

General

  • Target: wangnengjs-winoencxans_1.1.0.6.rar
  • Size: 48.0MB
  • Sample: 241122-jjhgpawqdx
  • MD5: 58fa0086af74d7ab7cf18439978ba4a2
  • SHA1: 61d2fbfb534da85c7828f0d15dce59a9f84897f9
  • SHA256: 86c3abe07a3671d4e1e9738e45792755c017b2122b3111d29a2e5d39d8126b89
  • SHA512: 18c8d9d6fad757b9cba511781cea4005fdfe246872d14e26524e306641bfe0ed1e44ae0ced7bc9817616a60b63a9c34a14402fb2a9cb2fc5c51eebdc354237b6
  • SSDEEP: 786432:Fvk3n4zAOW+QyCpl8cUzDzXLQbNi+QTKn1D71s8/VDplnbjKiqrZpcvXAkqMEFGJ:9k3EA9NGzXLwIk71siyiIpcPAkq/FyZ

Malware Config

Targets

    • Target: wangnengjs-winoencxans_1.1.0.6.msi
    • Size: 50.9MB
    • MD5: 143b59cd302d0ca40f146ba53aaaaad5
    • SHA1: a8a5345e19b20500b62629f14060aefc883e3b52
    • SHA256: 4a68bdfa3e31a8c063bbf94469160eb7998a556027d5ad33f37c347a71c2d3a4
    • SHA512: f0ee06942a41d51dceb3dd5d512dad6f3380f1ade868807f7134c0607d195e8e4eac979dc2559aa6976eb0d0ff654dded10b9c647188fca206cff287298a1b90
    • SSDEEP: 1572864:ONd1Bl1AJnKNldB6ZCUu6ofwyEICAf3u1ihUsMhMG:ONd1Blzd0ZX3QC03u11sMe

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks