General

  • Target

    BWCStartMSI.exe

  • Size

    8.1MB

  • Sample

    241216-r1x8gatnal

  • MD5

    89d75b7846db98111be948830f9cf7c2

  • SHA1

    3771cbe04980af3cdca295df79346456d1207051

  • SHA256

    1077f5ff5fc1c7b7ce347323d14ba387f43e9cfab9808fa31a1cd3144fa05ef4

  • SHA512

    f283b1a7bc30621a0e6ee6383174323cc67d002329a294d13aa23a633ca6f66ee0acdc6a4d2b0d4b7465acaa043b60f1ed27200a2b2d998fa0ef85f3545138fc

  • SSDEEP

    196608:HREgs4DsRz2vROZmy0TNy06Gm/HVSle4LG7IYTmd6r+d4:HRG2vROZmyYR63/HVSleAkLT66r+a

Malware Config

Targets

    • Target

      BWCStartMSI.exe

    • Blocklisted process makes network request

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before continuing.

    • Sets desktop wallpaper using registry
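
The behaviours listed above leave artifacts that survive on the host after the process exits: a Run value, a changed Wallpaper value, and the Geo configuration the sample would have read. The following PowerShell is an added host-triage script, not part of the sandbox report and not code from the sample; it assumes it is run on the affected host, in the profile of the user who executed the sample, in an elevated PowerShell 5.1 or later session. Only $SampleName and $Sha256 are taken from the report; the registry paths are the standard Windows locations, and the Geo "Name" value only exists on recent Windows 10/11 builds.

```powershell
# Added host-triage example for the signatures in this report.
# Not from the sandbox report or the sample. Assumes an elevated session on
# the affected host, as the user who ran the sample (HKCU is per-user).
$SampleName = 'BWCStartMSI.exe'                                                  # from the report
$Sha256     = '1077f5ff5fc1c7b7ce347323d14ba387f43e9cfab9808fa31a1cd3144fa05ef4' # from the report

# 1. "Adds Run key to start application": list every Run/RunOnce value and
#    hash the referenced binary, so a renamed copy of the sample still matches.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runEntries = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata Get-ItemProperty attaches to the object.
        if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
        $cmd = [string]$p.Value
        # Executable path is the quoted first token, or everything up to the first space.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $hash = $null
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
        }
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $cmd
            Sha256  = $hash
            Suspect = ($hash -eq $Sha256) -or ($cmd -like "*$SampleName*")
        }
    }
}
$runEntries | Sort-Object Suspect -Descending | Format-Table -AutoSize

# 2. "Sets desktop wallpaper using registry": the value the sample would write,
#    plus the file it points at so the analyst can hash and inspect it.
$wallpaper = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper).Wallpaper
"Wallpaper value: $wallpaper"
if ($wallpaper -and (Test-Path -LiteralPath $wallpaper)) {
    Get-Item -LiteralPath $wallpaper | Select-Object FullName, Length, LastWriteTime
}

# 3. "Checks computer location settings": Nation is the numeric GeoID the sample
#    could have read; Name (recent Windows 10/11 only) is the ISO 3166-1 alpha-2 code.
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' |
    Select-Object Nation, Name

# 4. "Enumerates connected drives": the roots the sample would have probed,
#    for context on what else it may have touched.
Get-PSDrive -PSProvider FileSystem | Where-Object Root |
    Select-Object Name, Root, Used, Free
```

Treat a Suspect entry as a lead rather than a verdict: the Sha256 column is the definitive check, while the name match only catches copies that kept the original filename. HKLM Run values are listed as well because they persist for every user, not just the one whose profile the sandbox ran under.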

MITRE ATT&CK Enterprise v15
