General

  • Target

    5edbe1c8a1323e88fdf95f31c9f72bb25d1ea67e71ac532540c79cf9f25d838f

  • Size

    4.5MB

  • Sample

    220520-dk9dxahfhp

  • MD5

    5e5cb405fe00fce0170ff03b6c27de65

  • SHA1

    b71ba01901946acf3dd9c607b0ab744b9bb2d8b3

  • SHA256

    5edbe1c8a1323e88fdf95f31c9f72bb25d1ea67e71ac532540c79cf9f25d838f

  • SHA512

    272f1457cf8f843ca00281347fd25a29840e7711773dbd60e1b923df3f2040f7720cd17dfe5c5fc8262fe8e0e03fc0334ac9b99abe6dac8d193d214fb221dea0

Score
8/10

Malware Config

Targets

    • Target

      5edbe1c8a1323e88fdf95f31c9f72bb25d1ea67e71ac532540c79cf9f25d838f

    • Size

      4.5MB

    • MD5

      5e5cb405fe00fce0170ff03b6c27de65

    • SHA1

      b71ba01901946acf3dd9c607b0ab744b9bb2d8b3

    • SHA256

      5edbe1c8a1323e88fdf95f31c9f72bb25d1ea67e71ac532540c79cf9f25d838f

    • SHA512

      272f1457cf8f843ca00281347fd25a29840e7711773dbd60e1b923df3f2040f7720cd17dfe5c5fc8262fe8e0e03fc0334ac9b99abe6dac8d193d214fb221dea0

    Score
    8/10
    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Bootkit

1
T1067

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Tasks