General

  • Target

    c50b41fdd4dfcf08e78196515844cde963483d438b956624c5cba918dc95c8fb

  • Size

    354KB

  • Sample

    221003-jcnp5adcg7

  • MD5

    62a9ad59cfe91beebbba0d5320642a1b

  • SHA1

    6412658c64937408c0b0d95998efcf2e4ed28a7a

  • SHA256

    c50b41fdd4dfcf08e78196515844cde963483d438b956624c5cba918dc95c8fb

  • SHA512

    65be3dc0afef1a5867fa6530e1dba5d3c69a5af2c4568b03958c572fd3b7e70a626b069622dc71add170ad6fb7edd32808709ea5925e618bc5e28a40b1d787b1

  • SSDEEP

    6144:t+LTf773NZUR+vwKvLz2EpWzEvRyIeE8YV/RrNthQnIt16NApKsGCkK3I:t+LTf7737cRYvRyIeE559Nf2Itxp3GC8

Malware Config

Targets

    • Target

      c50b41fdd4dfcf08e78196515844cde963483d438b956624c5cba918dc95c8fb

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v6

Tasks