Description
Looks up country code configured in the registry, likely geofence.
General
Target
Size
Sample
340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6
222KB
220520-d6agpsaggk
Score
8/10
MD5
SHA1
SHA256
SHA512
d5bf56df56fb286035f2ba1be411577b
83f913a90bc11aba30f7873455de57365b9f9bf2
340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6
897cf30a94f32ad87d8c56542f6fc07269e015b8b7a8f14f08eb07b431b9f70d25b7e509e8ae70bdcf37427d2b757a10adc7d569f42224f499c862d13a90b1f2
Malware Config
Targets
Target
MD5
Filesize
340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6
d5bf56df56fb286035f2ba1be411577b
222KB
Score
8/10
SHA1
SHA256
SHA512
83f913a90bc11aba30f7873455de57365b9f9bf2
340b6dde731c4ad30afc48d0266f38390c369c3d5a3b3021b667a239de8fbbf6
897cf30a94f32ad87d8c56542f6fc07269e015b8b7a8f14f08eb07b431b9f70d25b7e509e8ae70bdcf37427d2b757a10adc7d569f42224f499c862d13a90b1f2
Tags
Signatures
-
Executes dropped EXE
-
Checks computer location settings
-
Drops startup file
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Description
Bootkits write to the MBR to gain persistence at a level below the operating system.
Tags
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
8/10
behavioral2
Score
8/10