cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367 | Triage

Submit
Reports

Overview

overview

9

Static

static

cfee2d1e4e...67.exe

windows7_x64

9

cfee2d1e4e...67.exe

windows10-2004_x64

9

Sharing

General

Target

cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367
Size

1.7MB
Sample

220520-rq9hragcb5
MD5

fde7ae84cb218ddabbfbbffeac0cce14
SHA1

251f033a47407fac551802866b8a2c829ed7b9c1
SHA256

cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367
SHA512

64fbd447595176955733a740df01deb45898123c50524146b869793bb358f17eeaba43d2182f5c16fb6cdd2e2848f30b8883ff7fda4348d047d5e8e0f3cdc730

Score

9^/10

bootkit discovery evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367.exe

Resource

win7-20220414-en

bootkit discovery evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367.exe

Resource

win10v2004-20220414-en

bootkit discovery evasion persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367
- Size
  
  1.7MB
- MD5
  
  fde7ae84cb218ddabbfbbffeac0cce14
- SHA1
  
  251f033a47407fac551802866b8a2c829ed7b9c1
- SHA256
  
  cfee2d1e4e8cac29ba1304e2c6639b7bdf8dc5a111f5a6cfc94981c89060d367
- SHA512
  
  64fbd447595176955733a740df01deb45898123c50524146b869793bb358f17eeaba43d2182f5c16fb6cdd2e2848f30b8883ff7fda4348d047d5e8e0f3cdc730
Score

9^/10

bootkit discovery evasion persistence
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoveryevasionpersistence

behavioral2

bootkitdiscoveryevasionpersistence

© 2018-2024

Terms | Privacy