General

  • Target

    0cdead53285bef7b75782f1d46c82934f60ab372a944142efe0b3cc54d0fb39d

  • Size

    400KB

  • Sample

    221124-aazvyadh29

  • MD5

    349fad42277afb30c8324b3b83c57d35

  • SHA1

    bd99021a4e77d1ea517f91981c9b34cef217bea2

  • SHA256

    0cdead53285bef7b75782f1d46c82934f60ab372a944142efe0b3cc54d0fb39d

  • SHA512

    d8b07c6af456c55049d1fdf916a8a2ba77ca4e138ffb258f6a7419fb4ece6ac9ba843bc9b35e4d45875b1d15d4fa74a22f1abfd86bdcb7ad2a1d2448505f1391

  • SSDEEP

    6144:HMkXEBJ4f03VZSaH8WwQVcD4fsomxbHQlGUi2jhsmHplLxPRJfsoy/Oti+azNC:AVoIJwQVcD4fnGUJsmHplLxJJf5uzY

Score
8/10

Malware Config

Targets

    • Target

      0cdead53285bef7b75782f1d46c82934f60ab372a944142efe0b3cc54d0fb39d

    Score
    8/10
    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution to (or away from) particular regions.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: code placed in the first sector runs before Windows and its security tooling load.

    • Drops file in System32 directory

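The "Writes to the Master Boot Record" signature is the one a responder most needs to verify on a host that ran this sample. The script below is an added example, not part of the sandbox report: it parses a raw 512-byte MBR (as read from a disk image or from the first sector of the physical drive with the responder's acquisition tooling), checks the 0x55AA boot signature, and compares the bootstrap-code region and partition table against a known-good baseline sector. The two sectors embedded here are constructed for the demonstration; the "infected" one only has its bootstrap bytes replaced, which is the pattern a bootkit leaves when it preserves the partition table so the system still boots.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440          # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440          # 4-byte NT disk signature
PTABLE_OFF = 446            # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into the fields a responder compares."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        entry = sector[off:off + 16]
        ptype = entry[4]
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "bootable": entry[0] == 0x80,
            "type": ptype,
            "lba_start": struct.unpack("<I", entry[8:12])[0],
            "sectors": struct.unpack("<I", entry[12:16])[0],
        })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
    }


def bootcode_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap-code region differs from the baseline sector."""
    return parse_mbr(baseline)["bootcode_sha256"] != parse_mbr(current)["bootcode_sha256"]


def triage_mbr(baseline: bytes, current: bytes) -> list:
    """Return human-readable findings; an empty list means no deviation."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["valid_signature"]:
        findings.append("boot signature 0x55AA missing (sector corrupt or wiped)")
    if base["bootcode_sha256"] != cur["bootcode_sha256"]:
        findings.append("bootstrap code differs from baseline (possible bootkit)")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table differs from baseline")
    if base["disk_signature"] != cur["disk_signature"]:
        findings.append("NT disk signature differs from baseline")
    return findings


def build_mbr(bootcode: bytes, partitions) -> bytes:
    """Assemble a constructed test sector (helper for the demo, not forensic data)."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootcode too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x1234ABCD)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        off = PTABLE_OFF + 16 * i
        sector[off] = status
        sector[off + 4] = ptype
        sector[off + 8:off + 12] = struct.pack("<I", lba)
        sector[off + 12:off + 16] = struct.pack("<I", count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sectors: one clean NTFS layout, one with the bootstrap code overwritten.
CLEAN_PARTITIONS = [(0x80, 0x07, 2048, 204800)]
BASELINE_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", CLEAN_PARTITIONS)
INFECTED_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x90" * 32 + b"\xCD\x13", CLEAN_PARTITIONS)

if __name__ == "__main__":
    for name, sector in (("baseline", BASELINE_MBR), ("suspect", INFECTED_MBR)):
        print(name, triage_mbr(BASELINE_MBR, sector) or ["no deviation"])
```

Take the baseline from a golden image or a trusted pre-infection snapshot of the same host, not from another machine: the disk signature and partition table are host-specific, so only the bootstrap-code comparison transfers between installs. A clean hash on the first sector does not clear the host, since a bootkit may also alter the VBR or the boot manager files the MBR hands off to.
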
MITRE ATT&CK Enterprise v6

Tasks