General

  • Target

    999d9587fb9831e06f376b9054c641fc31b67096b9c9f859793b9cbc902acf84

  • Size

    1.2MB

  • Sample

    220524-2kfctsedaq

  • MD5

    da02266f9b13ebae7a39d285ec681a84

  • SHA1

    93c2b86b4411c97960a02d53f5221fdbd44b0a47

  • SHA256

    999d9587fb9831e06f376b9054c641fc31b67096b9c9f859793b9cbc902acf84

  • SHA512

    fbc6f710d921694855aaf7a22c38c81ef4f74441c85ce261e85cafe5021497adb738c3ff3a8b1a04ae583ff8d9f9d2e00842680798a1d63dd85cd7fce8fecea4

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks