Overview

overview

8

Static

static

9bb8ca69a0...10.exe

windows7_x64

8

9bb8ca69a0...10.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9bb8ca69a0118ba479292d3df9c99bb82d47263513be3d7ec3f78a134d6fa610

  • Size

    1.8MB

  • Sample

    220520-rx6ensbegj

  • MD5

    7d0feed35f03c2ffefc8736652d24a11

  • SHA1

    f30eadea0c0f1dfcaebf7689f9c2a655d5aa8bdd

  • SHA256

    9bb8ca69a0118ba479292d3df9c99bb82d47263513be3d7ec3f78a134d6fa610

  • SHA512

    51094cad122cf48fa5cbb92e3c78131a16fa29821b23b70ebf8e81a1d57ef22ed7ffc4e3460ae9e81fdc7ff20e9f27645cf3f62ee64f794eae76ff17a9be58af

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      9bb8ca69a0118ba479292d3df9c99bb82d47263513be3d7ec3f78a134d6fa610

    • Size

      1.8MB

    • MD5

      7d0feed35f03c2ffefc8736652d24a11

    • SHA1

      f30eadea0c0f1dfcaebf7689f9c2a655d5aa8bdd

    • SHA256

      9bb8ca69a0118ba479292d3df9c99bb82d47263513be3d7ec3f78a134d6fa610

    • SHA512

      51094cad122cf48fa5cbb92e3c78131a16fa29821b23b70ebf8e81a1d57ef22ed7ffc4e3460ae9e81fdc7ff20e9f27645cf3f62ee64f794eae76ff17a9be58af

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks