Resubmissions

15/01/2025, 18:15

250115-wv6pwazrav (score 8/10)

15/01/2025, 18:02

250115-wmqcxs1rfq (score 10/10)

General

  • Target

    Screenshot 2025-01-15 12.29.03 PM.png

  • Size

    772B

  • Sample

    250115-wv6pwazrav

  • MD5

    17645b73feca89196be2b3b9fda1af8c

  • SHA1

    b1026b5b2a8ad8caa1734127deef61a72eef790b

  • SHA256

    536d41f75e7e710b96459a2b9eeb2cd926babb1d31faf2d9fdb8a2d2f0b54364

  • SHA512

    d04e9e0ab3dda0b99a4340a3613b4d3f936587792fde302a37ab4792cd33dcc2dc7ea18e0d6454cee6c071e43df1ccdaf09681dac9007566b7a71f0efd90ea6b

Malware Config

Targets

    • Target

      Screenshot 2025-01-15 12.29.03 PM.png

    • Size

      772B

    • MD5

      17645b73feca89196be2b3b9fda1af8c

    • SHA1

      b1026b5b2a8ad8caa1734127deef61a72eef790b

    • SHA256

      536d41f75e7e710b96459a2b9eeb2cd926babb1d31faf2d9fdb8a2d2f0b54364

    • SHA512

      d04e9e0ab3dda0b99a4340a3613b4d3f936587792fde302a37ab4792cd33dcc2dc7ea18e0d6454cee6c071e43df1ccdaf09681dac9007566b7a71f0efd90ea6b

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check so the payload only runs in (or avoids) particular regions.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system, so that their code runs before the OS and its security tooling load.
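A practitioner triaging this verdict usually wants to confirm whether sector 0 of a suspect disk was actually modified and, if so, which part. The script below is an added example and not part of this sandbox report: it parses a 512-byte MBR (bootstrap code at bytes 0-439, 4-byte disk signature at 440, four 16-byte partition entries at 446, 0x55AA signature at 510) and compares the bootstrap code hash, disk signature and partition table against a known-good baseline. The two sectors it uses are constructed inline so it runs offline; on a real host you would read sector 0 of the physical disk instead. All function and constant names are the example's own.

```python
"""Forensic check for MBR tampering (added example, not from the report).

Parses a 512-byte boot sector and compares it against a baseline captured
from a known-good image. The sample sectors below are constructed test
data, not bytes from any real disk or from the analysed sample.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440      # bytes 0..439: bootstrap code executed by the BIOS
DISK_SIG_OFF = 440      # 4-byte disk signature (+2 reserved bytes)
PART_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIG_OFF = 510      # 0x55AA boot signature
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, LBA length


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into the fields worth baselining."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, lba_len = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 means an empty slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "lba_len": lba_len})
    return {
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return human-readable findings; an empty list means no deviation."""
    current = parse_mbr(sector)
    findings = []
    if current["bootcode_sha256"] != baseline["bootcode_sha256"]:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    if current["disk_signature"] != baseline["disk_signature"]:
        findings.append("disk signature changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def build_mbr(bootcode: bytes, disk_sig: int, partitions: list) -> bytes:
    """Assemble a synthetic MBR for testing (constructed data only)."""
    sector = bytearray(MBR_SIZE)
    code = bootcode[:BOOTCODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, start, length) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0",
                         ptype, b"\0\0\0", start, length)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample data: a placeholder boot stub and two NTFS-typed entries.
SAMPLE_PARTITIONS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1024000)]
CLEAN_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 438, 0x1234ABCD, SAMPLE_PARTITIONS)
# Same disk signature and partitions, but the boot stub now jumps elsewhere,
# which is the pattern an MBR bootkit produces.
TAMPERED_MBR = build_mbr(b"\xe9\x00\x01" + b"\x90" * 437, 0x1234ABCD, SAMPLE_PARTITIONS)


if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, baseline) or ["no deviation"])
```

Hash the bootstrap region rather than the whole sector: the partition table and disk signature legitimately change when volumes are resized or the disk is re-imaged, while the 440-byte boot stub should stay byte-identical across a fleet built from one image, which makes it the right field to alert on.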

MITRE ATT&CK Enterprise v15

Tasks