General
Target: taas.png
Size: 482KB
Sample: 240702-1mecwa1dmb
MD5: 5cdee96ab62ae22eaced595bbe8e9eb4
SHA1: c258fd9b3d6adce3b30cdbb43f8783d12800082a
SHA256: 957e27a1546f944c33967f491f184484717b6aab8bf57fcb9b121c22b49d789f
SHA512: ca9acb73f52d685656af6bf4457f686e894a3fc34029d72fad2bcbf3bbfb79bcdca0e51188f57f31802fd06f7d671f0ed3d5034f2e4d52cbee04a82b7d7a91e0
SSDEEP: 12288:iDVrZ0KGNJDi5eQDoxqgVm5K/oea9aDXY3ax+KdxaAX8ZVJxbzamWQ2:u9Z0KGP3Q0YgCK/T6azxx+KjXGVDbEh
Static task: static1
Behavioral task: behavioral1
  Sample: taas.png
  Resource: win10v2004-20240508-en
Malware Config

Targets
Target: taas.png (482KB; MD5, SHA1, SHA256, SHA512 and SSDEEP values identical to the General section above)
- Modifies WinLogon for persistence
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Modifies file permissions
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Boot or Logon Autostart Execution: Winlogon Helper DLL (1)
  Pre-OS Boot: Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution: Winlogon Helper DLL (1)
  Abuse Elevation Control Mechanism: Bypass User Account Control (1)