6eb8d9c60dc7ee22068823058d75acd2b481b08e80ff71fe7453238e320699a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6eb8d9c60dc7ee22068823058d75acd2b481b08e80ff71fe7453238e320699a0
Size

4.2MB
Sample

221026-2ykjpshgak
MD5

cda95c74d63b21140af33f33e9f3d5be
SHA1

6130313a029b981b52283b5e205918da4b8891a4
SHA256

6eb8d9c60dc7ee22068823058d75acd2b481b08e80ff71fe7453238e320699a0
SHA512

08fa1d7e97fbff19856bf79c97a81d1d6162ba8f1248961ca5e308d0b1407ba07864b2f2db90df7a9c62bae45b50136c09a53320349162847d2d979a21076c41
SSDEEP

98304:XKcQRF9EkcfWRRclPEzPFiwr3G9QJSJoWq6kUkoRVuPwz0qo:fazuh85iwr29TJnLkUko/uXr

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  6eb8d9c60dc7ee22068823058d75acd2b481b08e80ff71fe7453238e320699a0
- Size
  
  4.2MB
- MD5
  
  cda95c74d63b21140af33f33e9f3d5be
- SHA1
  
  6130313a029b981b52283b5e205918da4b8891a4
- SHA256
  
  6eb8d9c60dc7ee22068823058d75acd2b481b08e80ff71fe7453238e320699a0
- SHA512
  
  08fa1d7e97fbff19856bf79c97a81d1d6162ba8f1248961ca5e308d0b1407ba07864b2f2db90df7a9c62bae45b50136c09a53320349162847d2d979a21076c41
- SSDEEP
  
  98304:XKcQRF9EkcfWRRclPEzPFiwr3G9QJSJoWq6kUkoRVuPwz0qo:fazuh85iwr29TJnLkUko/uXr
Score

8^/10

bootkit persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence