Overview

overview

8

Static

static

b4c23551e8...ae.exe

windows7_x64

8

b4c23551e8...ae.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b4c23551e862b3b21b35f3984ea88d278f9ec4b78fe88460f5f63fa64beb83ae

  • Size

    604KB

  • Sample

    220524-r5cgkafac8

  • MD5

    73f00dce07e433dded8d9ad2fdfaaec0

  • SHA1

    2a444b5d2a61d3b322a631405fb9968df8f15a9b

  • SHA256

    b4c23551e862b3b21b35f3984ea88d278f9ec4b78fe88460f5f63fa64beb83ae

  • SHA512

    5d10eccf00094af9ed26707669d9511202b56d240bb8c3e9a12fc08b02da77caaca9a95be9a703ebee0ffbd6b87b83d155c812cef051bd81a06e7b65dfe88851

Score
8/10
bootkitmacromacro_on_actionpersistence

Malware Config

Targets

    • Target

      b4c23551e862b3b21b35f3984ea88d278f9ec4b78fe88460f5f63fa64beb83ae

    • Size

      604KB

    • MD5

      73f00dce07e433dded8d9ad2fdfaaec0

    • SHA1

      2a444b5d2a61d3b322a631405fb9968df8f15a9b

    • SHA256

      b4c23551e862b3b21b35f3984ea88d278f9ec4b78fe88460f5f63fa64beb83ae

    • SHA512

      5d10eccf00094af9ed26707669d9511202b56d240bb8c3e9a12fc08b02da77caaca9a95be9a703ebee0ffbd6b87b83d155c812cef051bd81a06e7b65dfe88851

    Score
    8/10
    bootkitmacromacro_on_actionpersistence

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

      macromacro_on_action

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks