b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

b266875808...e5.exe

windows7_x64

8

b266875808...e5.exe

windows10-2004_x64

8

Sharing

General

Target

b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5
Size

7.2MB
Sample

220524-q7v61sdea2
MD5

81ff725e361d90040546ccfe24928a9e
SHA1

aca3b80a588838310b5ba828350b086c9c4ffac5
SHA256

b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5
SHA512

349cbc4974f395ab7e7ea6c7e86960feff326c821c1dc11b413be9a355def93fe6db0acee24ef5a56926c15a76149039a4153fe42a0de4552b8729d8bdb4fd33

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5.exe

Resource

win7-20220414-en

bootkit discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5
- Size
  
  7.2MB
- MD5
  
  81ff725e361d90040546ccfe24928a9e
- SHA1
  
  aca3b80a588838310b5ba828350b086c9c4ffac5
- SHA256
  
  b266875808b91d14f2dc5dfe2c34f0727754272bdee225454893fa61f4b6f8e5
- SHA512
  
  349cbc4974f395ab7e7ea6c7e86960feff326c821c1dc11b413be9a355def93fe6db0acee24ef5a56926c15a76149039a4153fe42a0de4552b8729d8bdb4fd33
Score

8^/10

bootkit discovery persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

behavioral2

bootkitdiscoverypersistence

© 2018-2024

Terms | Privacy