Overview

overview

8

Static

static

0066c6b2c1...bc.exe

windows7_x64

6

0066c6b2c1...bc.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0066c6b2c125d0a0cf73e8d1f52b083b9cebc5b1d06078df2ec9d681c9c9d0bc

  • Size

    842KB

  • Sample

    220516-yqw1zsehc5

  • MD5

    80c20e5656d3977dc36a479899e664e2

  • SHA1

    320629b03e3ce69eceac5b1e41c43a61db4afb82

  • SHA256

    0066c6b2c125d0a0cf73e8d1f52b083b9cebc5b1d06078df2ec9d681c9c9d0bc

  • SHA512

    f318e4be287a17b8aa1d9e81a53215c8667b3c2afeac2d4359f706a9ecbfb60ce50a29f82d10708f8f7fd7c6ed5a2478fb026bbb958e2d89ec427f4b473d4915

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      0066c6b2c125d0a0cf73e8d1f52b083b9cebc5b1d06078df2ec9d681c9c9d0bc

    • Size

      842KB

    • MD5

      80c20e5656d3977dc36a479899e664e2

    • SHA1

      320629b03e3ce69eceac5b1e41c43a61db4afb82

    • SHA256

      0066c6b2c125d0a0cf73e8d1f52b083b9cebc5b1d06078df2ec9d681c9c9d0bc

    • SHA512

      f318e4be287a17b8aa1d9e81a53215c8667b3c2afeac2d4359f706a9ecbfb60ce50a29f82d10708f8f7fd7c6ed5a2478fb026bbb958e2d89ec427f4b473d4915

    Score
    8/10
    bootkitpersistence

    • Modifies Installed Components in the registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks