Overview

overview

8

Static

static

8

bd5dd47e10...4d.exe

windows7_x64

8

bd5dd47e10...4d.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd5dd47e1056cbe504ce3aaeb70ff53e9ddfd78cc5fd391a7ea08f4092e86a4d

  • Size

    1.5MB

  • Sample

    220524-s3edtabhdn

  • MD5

    17d6b15ea5cb03db002d2257a2aae99a

  • SHA1

    18a259e6f2ef8ea0da6da08addd54f04a7cd18fb

  • SHA256

    bd5dd47e1056cbe504ce3aaeb70ff53e9ddfd78cc5fd391a7ea08f4092e86a4d

  • SHA512

    5925e0842b68263ed5df75205ee69faa545c5d8acc4e56d40dd29d0bd2abfe0667220da533ace288e502de9372680726aef90db29efe40ba4a520b1d357cbbce

Score
8/10
bootkitpersistenceupx

Malware Config

Targets

    • Target

      bd5dd47e1056cbe504ce3aaeb70ff53e9ddfd78cc5fd391a7ea08f4092e86a4d

    • Size

      1.5MB

    • MD5

      17d6b15ea5cb03db002d2257a2aae99a

    • SHA1

      18a259e6f2ef8ea0da6da08addd54f04a7cd18fb

    • SHA256

      bd5dd47e1056cbe504ce3aaeb70ff53e9ddfd78cc5fd391a7ea08f4092e86a4d

    • SHA512

      5925e0842b68263ed5df75205ee69faa545c5d8acc4e56d40dd29d0bd2abfe0667220da533ace288e502de9372680726aef90db29efe40ba4a520b1d357cbbce

    Score
    8/10
    bootkitpersistenceupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks