3cb84625e97a52610b1cff37b2c6ff09532bf183d6af1c931ad216621f218710 | Triage

Sharing

General

Target

3cb84625e97a52610b1cff37b2c6ff09532bf183d6af1c931ad216621f218710
Size

367KB
Sample

221003-n3gfysedg3
MD5

68ed6f459c01a8b946389841c9f3ec23
SHA1

7122868dfe29bd89572721f9214dff8d8a655b8d
SHA256

3cb84625e97a52610b1cff37b2c6ff09532bf183d6af1c931ad216621f218710
SHA512

8527d83280c47376b6599eff330746081eb9d71b3b14868f864ef7366eb103d09240ead5732cef29a167d75e137a11979fd09e9ad20a2a9b11ca7d71c214e41a
SSDEEP

6144:2bN08PEOusznu93UfV7RDwE6ItUHIS50BXE0p69mmeJcCPMoeno9AWsB6a+dK2J7:P8PEnqfVWItUHT0BXE0JXUvndFz+dJJ7

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  3cb84625e97a52610b1cff37b2c6ff09532bf183d6af1c931ad216621f218710
- Size
  
  367KB
- MD5
  
  68ed6f459c01a8b946389841c9f3ec23
- SHA1
  
  7122868dfe29bd89572721f9214dff8d8a655b8d
- SHA256
  
  3cb84625e97a52610b1cff37b2c6ff09532bf183d6af1c931ad216621f218710
- SHA512
  
  8527d83280c47376b6599eff330746081eb9d71b3b14868f864ef7366eb103d09240ead5732cef29a167d75e137a11979fd09e9ad20a2a9b11ca7d71c214e41a
- SSDEEP
  
  6144:2bN08PEOusznu93UfV7RDwE6ItUHIS50BXE0p69mmeJcCPMoeno9AWsB6a+dK2J7:P8PEnqfVWItUHT0BXE0JXUvndFz+dJJ7
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence