General
Target: Screenshot 2025-01-17 11.58.31 AM.png
Size: 286B
Sample: 250117-vqp1wsxmg1
MD5: e852b1031b11b96e565db128b378edac
SHA1: dddaf3c44e7c2ff3a48076871f76915442b400e1
SHA256: 039142cf1936d2ea6584fb908bc63d1a32a634eaadb565c4253d37e482b8e285
SHA512: 9a55491431ecb8cdbcd6b4fac8df86b18880e1f4714facdb03b6a0c62ac13f7871cf5267cd8a72cf4fe3be6da23d910b8cc67af03742f65ba0024dd65f410b9c
Static task: static1
Behavioral task: behavioral1
Sample: Screenshot 2025-01-17 11.58.31 AM.png
Resource: win7-20241010-en
Malware Config
Targets
- Target: Screenshot 2025-01-17 11.58.31 AM.png (286B)
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (2)
- Pre-OS Boot (1)
- Bootkit (1)
- Subvert Trust Controls (1)
- Install Root Certificate (1)
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)