258df4e7dc5b41d972db3d589456130f71a6a26f44cdb5660d28c10f9bdc606d | Triage

Sharing

General

Target

258df4e7dc5b41d972db3d589456130f71a6a26f44cdb5660d28c10f9bdc606d
Size

727KB
Sample

220919-tm8s6abhej
MD5

fced0ba13b11a53d920b02bf8fd7a1ca
SHA1

e2bba12d79fe865146e6b02f79641852cfaa4040
SHA256

258df4e7dc5b41d972db3d589456130f71a6a26f44cdb5660d28c10f9bdc606d
SHA512

3f03383d41a88ac00485a4da6ef6ec38d794fd5243cdb0cd9ac61c6570575e726bf6560a7da922cd8af8c7f823304d0b69759f24ef43f797549e0914b030d160
SSDEEP

12288:i9UAnhPd6qmvCLAsShDHA8jgn7q8DBzYzEBODFkMOOrMzYrNvzKWOyIWWBzNc7dp:i9UAxd69K8NhDvY7quY7xPvRqWichNYa

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  258df4e7dc5b41d972db3d589456130f71a6a26f44cdb5660d28c10f9bdc606d
- Size
  
  727KB
- MD5
  
  fced0ba13b11a53d920b02bf8fd7a1ca
- SHA1
  
  e2bba12d79fe865146e6b02f79641852cfaa4040
- SHA256
  
  258df4e7dc5b41d972db3d589456130f71a6a26f44cdb5660d28c10f9bdc606d
- SHA512
  
  3f03383d41a88ac00485a4da6ef6ec38d794fd5243cdb0cd9ac61c6570575e726bf6560a7da922cd8af8c7f823304d0b69759f24ef43f797549e0914b030d160
- SSDEEP
  
  12288:i9UAnhPd6qmvCLAsShDHA8jgn7q8DBzYzEBODFkMOOrMzYrNvzKWOyIWWBzNc7dp:i9UAxd69K8NhDvY7quY7xPvRqWichNYa
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence