05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c | Triage

Submit
Reports

Overview

overview

8

Static

static

1

05c7101db8...3c.exe

windows7_x64

8

05c7101db8...3c.exe

windows10-2004_x64

8

Sharing

General

Target

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
Size

3.1MB
Sample

220520-fd3nwsddak
MD5

8f624f06bacd6651334446e80ff16972
SHA1

0494097ab18dc74945acdbca430c91d4d1a3e3b4
SHA256

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
SHA512

df64645de7143ae36ccee595365dd9e5f8a14cba463451b8fb0a1385b7262d43e11e6e39d915946443ee74bc7bc6d7de9e92b2e2db65e1142b33983ca46105f8

Score

8^/10

bootkit discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

Resource

win7-20220414-en

bootkit discovery evasion persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c.exe

Resource

win10v2004-20220414-en

bootkit discovery evasion persistence trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
- Size
  
  3.1MB
- MD5
  
  8f624f06bacd6651334446e80ff16972
- SHA1
  
  0494097ab18dc74945acdbca430c91d4d1a3e3b4
- SHA256
  
  05c7101db899b4a4d29f3009878124f8bbce6d0df49e9dba9b381c44e2357d3c
- SHA512
  
  df64645de7143ae36ccee595365dd9e5f8a14cba463451b8fb0a1385b7262d43e11e6e39d915946443ee74bc7bc6d7de9e92b2e2db65e1142b33983ca46105f8
Score

8^/10

bootkit discovery evasion persistence trojan
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistencetrojan

behavioral2

bootkitdiscoveryevasionpersistencetrojan

© 2018-2024

Terms | Privacy