eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

General
Target

eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

Size

3MB

Sample

220521-a49x1abcf3

Score
8/10
MD5

2630e21380cd389caa9a31e5b7113ab0

SHA1

67dd9f56bb740893b075afcf6572d645e2e31c8d

SHA256

eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

SHA512

68cc1da89814aa666dab9f57b6414ad2bc3e75659886b9718e2261d6098aa109dbe7a2809956497da11fffe305943511a13e27b96bd364719d4469a04f10ea84

Malware Config
Targets
Target

eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

MD5

2630e21380cd389caa9a31e5b7113ab0

Filesize

3MB

Score
7/10
SHA1

67dd9f56bb740893b075afcf6572d645e2e31c8d

SHA256

eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

SHA512

68cc1da89814aa666dab9f57b6414ad2bc3e75659886b9718e2261d6098aa109dbe7a2809956497da11fffe305943511a13e27b96bd364719d4469a04f10ea84

Tags

Signatures

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Deletes itself

  • Writes to the Master Boot Record (MBR)

    Description

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    Tags

    TTPs

    Bootkit

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1: 8/10
  • behavioral1: 7/10
  • behavioral2: 7/10