General

Target: 340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6

Size: 222KB

Sample: 220520-d6agpsaggk

Score: 8/10

MD5: d5bf56df56fb286035f2ba1be411577b

SHA1: 83f913a90bc11aba30f7873455de57365b9f9bf2

SHA256: 340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6

SHA512: 897cf30a94f32ad87d8c56542f6fc07269e015b8b7a8f14f08eb07b431b9f70d25b7e509e8ae70bdcf37427d2b757a10adc7d569f42224f499c862d13a90b1f2

Signatures

  • Executes dropped EXE

  • Checks computer location settings

    Description: Looks up country code configured in the registry, likely geofence.

    TTPs: Query Registry, System Information Discovery

  • Drops startup file

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Description: Bootkits write to the MBR to gain persistence at a level below the operating system.

    TTPs: Bootkit

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

  • static1: Score N/A

  • behavioral1: Score 8/10

  • behavioral2: Score 8/10