e0ae1a570a441d8d1d658c232e71e14fae8b6b4c0617a8e1a5a525751f591438 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0ae1a570a441d8d1d658c232e71e14fae8b6b4c0617a8e1a5a525751f591438
Size

5.7MB
Sample

221003-2hvdzaadg2
MD5

39ba97a5cfea4f0cfa6fd4f772cf1605
SHA1

22956f8b724c4f0c1c3f6971071629d8fd77965e
SHA256

e0ae1a570a441d8d1d658c232e71e14fae8b6b4c0617a8e1a5a525751f591438
SHA512

751cbec6dc7ede31124bc126ea5ab64ec8c52d1225ba2f01e1e15d14bb3ce193183c30fbe37d4ec995155607c02bdc31cbda4aed512dd6d832e4c3d70660b432
SSDEEP

98304:XKcQRF9E5VsR/VbYQCaTldP03uR0P8iwr3GSlPEz3cfWRRAQR9Jh:fazSsFVbY7a/P0x0iwr2u8KB+Jh

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  e0ae1a570a441d8d1d658c232e71e14fae8b6b4c0617a8e1a5a525751f591438
- Size
  
  5.7MB
- MD5
  
  39ba97a5cfea4f0cfa6fd4f772cf1605
- SHA1
  
  22956f8b724c4f0c1c3f6971071629d8fd77965e
- SHA256
  
  e0ae1a570a441d8d1d658c232e71e14fae8b6b4c0617a8e1a5a525751f591438
- SHA512
  
  751cbec6dc7ede31124bc126ea5ab64ec8c52d1225ba2f01e1e15d14bb3ce193183c30fbe37d4ec995155607c02bdc31cbda4aed512dd6d832e4c3d70660b432
- SSDEEP
  
  98304:XKcQRF9E5VsR/VbYQCaTldP03uR0P8iwr3GSlPEz3cfWRRAQR9Jh:fazSsFVbY7a/P0x0iwr2u8KB+Jh
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence