Overview

overview

8

Static

static

8

eb63d3f8a9...f2.exe

windows7_x64

7

eb63d3f8a9...f2.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

  • Size

    3.3MB

  • Sample

    220521-a49x1abcf3

  • MD5

    2630e21380cd389caa9a31e5b7113ab0

  • SHA1

    67dd9f56bb740893b075afcf6572d645e2e31c8d

  • SHA256

    eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

  • SHA512

    68cc1da89814aa666dab9f57b6414ad2bc3e75659886b9718e2261d6098aa109dbe7a2809956497da11fffe305943511a13e27b96bd364719d4469a04f10ea84

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

    • Size

      3.3MB

    • MD5

      2630e21380cd389caa9a31e5b7113ab0

    • SHA1

      67dd9f56bb740893b075afcf6572d645e2e31c8d

    • SHA256

      eb63d3f8a93f6b633bf327facc16eaec23d3b7b599fa872d546396c2928eecf2

    • SHA512

      68cc1da89814aa666dab9f57b6414ad2bc3e75659886b9718e2261d6098aa109dbe7a2809956497da11fffe305943511a13e27b96bd364719d4469a04f10ea84

    Score
    7/10
    bootkitpersistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks